Kotlin Anonymous Ldap Bind
Description
Detects anonymous LDAP bindings in Java applications that allow unauthenticated access to LDAP directories. Anonymous LDAP binds pose a security risk by permitting access to directory services without proper authentication, potentially exposing sensitive directory data to unauthorized users.
Detection Strategy
• Identifies instantiations of the InitialDirContext class in Java (JNDI) code
• Examines the environment properties passed to the InitialDirContext constructor
• Checks whether Context.SECURITY_AUTHENTICATION is set to "none" (anonymous) or the environment otherwise configures an anonymous bind
• Reports a vulnerability when the LDAP connection allows anonymous access
Vulnerable code example
import javax.naming.Context
import javax.naming.directory.InitialDirContext
import java.util.Hashtable

fun ldapBind() {
    val env = Hashtable<String, Any>() // InitialDirContext expects a Hashtable, not a HashMap
    env.put(Context.PROVIDER_URL, "ldap://server:389")
    env.put(Context.SECURITY_AUTHENTICATION, "none") // Vulnerable: Using "none" disables authentication
    val ctx = InitialDirContext(env)
}

✅ Secure code example
import javax.naming.Context
import javax.naming.directory.InitialDirContext
import java.util.Hashtable

fun ldapBind() {
    val env = Hashtable<String, Any>() // InitialDirContext expects a Hashtable, not a HashMap
    env.put(Context.PROVIDER_URL, "ldap://server:389")
    env.put(Context.SECURITY_AUTHENTICATION, "simple") // Fixed: Using "simple" auth instead of "none"
    env.put(Context.SECURITY_PRINCIPAL, "cn=admin,dc=example,dc=com") // Added required credentials
    // Bind password read from the environment (assumed variable name); never hard-code it in source
    env.put(Context.SECURITY_CREDENTIALS, System.getenv("LDAP_BIND_PASSWORD") ?: error("LDAP_BIND_PASSWORD not set"))
    val ctx = InitialDirContext(env)
}
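The secure example above fixes the literal "none", but an anonymous bind can also arise when Context.SECURITY_AUTHENTICATION is simply omitted (the JNDI LDAP provider then defaults to "none" whenever no principal or credentials are supplied) or when a bind DN is sent with an empty password, which RFC 4513 defines as an "unauthenticated" bind that many servers treat like an anonymous one. The following Kotlin is an added illustration, not code from Fluid Attacks or from the page: it builds the JNDI environment through a helper that refuses those configurations, and it includes a small predicate that mirrors what the detection strategy checks, so a unit test can catch the problem before the static analyzer does. The helper names (buildLdapEnv, isAnonymousBind), the ldaps://server:636 URL, the service-account DN and the LDAP_BIND_PASSWORD variable are assumptions.

```kotlin
import javax.naming.Context
import javax.naming.directory.DirContext
import javax.naming.directory.InitialDirContext
import java.util.Hashtable

// Hypothetical helper (not part of the original page): builds the JNDI environment for an
// authenticated LDAP bind and rejects settings that would degrade to an anonymous bind.
fun buildLdapEnv(url: String, principal: String, password: CharArray): Hashtable<String, Any> {
    require(url.startsWith("ldaps://")) { "use ldaps:// so the bind password is not sent in clear text" }
    require(principal.isNotBlank()) { "a bind DN is required; an empty principal is an anonymous bind" }
    // RFC 4513 section 5.1.2: a DN with an empty password is an "unauthenticated" bind,
    // which directory servers commonly accept and treat exactly like an anonymous one.
    require(password.isNotEmpty()) { "an empty password yields an unauthenticated bind" }

    val env = Hashtable<String, Any>()
    env[Context.INITIAL_CONTEXT_FACTORY] = "com.sun.jndi.ldap.LdapCtxFactory"
    env[Context.PROVIDER_URL] = url
    env[Context.SECURITY_AUTHENTICATION] = "simple" // explicit; never "none"
    env[Context.SECURITY_PRINCIPAL] = principal
    env[Context.SECURITY_CREDENTIALS] = String(password)
    return env
}

// Mirrors the rule's detection logic over a prepared environment: true means the bind
// would be anonymous (or effectively anonymous) and must not reach InitialDirContext.
fun isAnonymousBind(env: Map<String, Any>): Boolean {
    val auth = env[Context.SECURITY_AUTHENTICATION]?.toString()
    val principal = env[Context.SECURITY_PRINCIPAL]?.toString().orEmpty()
    val credentials = env[Context.SECURITY_CREDENTIALS]?.toString().orEmpty()
    return when (auth) {
        "none" -> true
        // When the property is unset, the JNDI LDAP provider falls back to "none" unless both
        // a principal and credentials are present; an empty password is not real authentication.
        else -> principal.isEmpty() || credentials.isEmpty()
    }
}

fun ldapBind(): DirContext {
    // Assumed environment variable; in production read the secret from your secret store.
    val password = (System.getenv("LDAP_BIND_PASSWORD") ?: "").toCharArray()
    val env = buildLdapEnv(
        url = "ldaps://server:636",                       // assumed host
        principal = "cn=svc-app,dc=example,dc=com",       // assumed service account DN
        password = password
    )
    check(!isAnonymousBind(env)) { "refusing to open an anonymous LDAP bind" }
    return InitialDirContext(env)
}
```

A test that feeds isAnonymousBind a map with SECURITY_AUTHENTICATION set to "none", a map with the property missing and no credentials, and a map with a DN but an empty password should get true for all three; only a map with "simple", a non-empty DN and a non-empty password should return false.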