LDAP injection

This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages) This article provides insufficient context for those unfamiliar with the subject. Please help improve the article by providing more context for the reader. (December 2016) (Learn how and when to remove this message) This article contains no links to other Wikipedia articles. Please help improve this article by adding links that are relevant to the context within the existing text. (December 2016) The topic of this article may not meet Wikipedia's general notability guideline. Please help to demonstrate the notability of the topic by citing reliable secondary sources that are independent of the topic and provide significant coverage of it beyond a mere trivial mention. If notability cannot be shown, the article is likely to be merged, redirected, or deleted. Find sources: "LDAP injection" – news · newspapers · books · scholar · JSTOR (December 2016) (Learn how and when to remove this message) This article does not cite any sources. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "LDAP injection" – news · newspapers · books · scholar · JSTOR (December 2016) (Learn how and when to remove this message) (Learn how and when to remove this message)

1. 1. Summary

LDAP (Lightweight Direct Access Protocol) injection is a code injection technique used to exploit web based applications which could reveal sensitive user information or modify information represented in the LDAP structure. LDAP injection exploits a security vulnerability in an application by manipulating input parameters passed to internal search, add or modify functions. When an application fails to properly sanitize the input, it is possible for an attacker to modify a LDAP statement.

1. 1. Technical Implementation

LDAP injection occurs when user input it not properly sanitized and then used as part of a dynamically generated LDAP filter. This results in potential manipulation of the LDAP statements performed on the LDAP server by the end-user to either view, modify, or bypass authentication credentials.

1. 1. Prevention

LDAP injection is a known attack and can be prevented by simple measures. All of the client supplied input must be checked/sanitized of any characters that may result in malicious behavior. The input validation should verify the input by checking for the presence of special characters that are a part of the LDAP query language, known data types, legal values, etc.. White list input validation can also be used to detect unauthorized input before it is passed to the LDAP query.

This article has not been added to any content categories. Please help out by adding categories to it so that it can be listed with similar articles. (December 2016)