VYPR

CWE-90

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Base | Draft

Description

The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-136

CVEs mapped to this weakness (42)

page 3 of 3
  • CVE-2021-23335 | Feb 11, 2021
    risk 0.00 | cvss | epss 0.01

    All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure.

  • CVE-2018-5730 | Low | Mar 6, 2018
    risk 0.00 | cvss 3.8 | epss 0.02

    MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a…