LDAP injection
Description
The system builds LDAP queries using untrusted data that could modify the query.
Impact
Inject LDAP statements to extract sensitive information without authorization.
Recommendation
- Avoid using untrusted data to generate dynamic LDAP queries.
Threat
Authenticated attacker from the Internet.
Expected Remediation Time
⏱️ 45 minutes.
Requirements
173 - Discard unsafe inputs