LDAP injection

This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages) This article provides insufficient context for those unfamiliar with the subject. Please help improve the article by providing more context for the reader. (December 2016) (Learn how and when to remove this message) The topic of this article may not meet Wikipedia's general notability guideline. Please help to demonstrate the notability of the topic by citing reliable secondary sources that are independent of the topic and provide significant coverage of it beyond a mere trivial mention. If notability cannot be shown, the article is likely to be merged, redirected, or deleted. Find sources: "LDAP injection" – news · newspapers · books · scholar · JSTOR (December 2016) (Learn how and when to remove this message) (Learn how and when to remove this message)

In computer security, LDAP injection is a code injection technique used to exploit web applications which could reveal sensitive user information or modify information represented in the LDAP (Lightweight Directory Access Protocol) data stores.^[1][2][3] LDAP injection exploits a security vulnerability in an application by manipulating input parameters passed to internal search, add or modify functions. When an application fails to properly sanitize user input, it is possible for an attacker to modify a LDAP statement.

Use of LDAP injection becomes possible when the web application does not properly sanitize user input. Without such filtering, a malicious user may inject input that becomes part of an LDAP search expression. Executing the expression may result in the user being able to view, modify, or bypass authentication credentials on the LDAP server.^[1]

LDAP injection is a known attack and can be prevented by simple measures. All of the client supplied input must be checked/sanitized of any characters that may result in malicious behavior. The input validation should verify the input by checking for the presence of special characters that are a part of the LDAP query language, known data types, legal values, etc.. White list input validation can also be used to detect unauthorized input before it is passed to the LDAP query.