Common Weakness Enumeration

CWE-90

Allowed

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Abstraction: Base · Status: Draft

The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

114 vulnerabilities reference this CWE, most recent first.

GHSA-75V6-GF74-7FJW

Vulnerability from github – Published: 2026-01-30 15:31 – Updated: 2026-01-30 15:31
VLAI
Details

An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to authenticate as an LDAP user with a partial identifier if they additionally have that user's valid passphrase.This issue affects Fireware OS: from 12.0 through 12.11.6, from 12.5 through 12.5.15, from 2025.1 through 2026.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1498"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-30T13:15:54Z",
    "severity": "HIGH"
  },
  "details": "An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to authenticate as an LDAP user with a partial identifier if they additionally have that user\u0027s valid passphrase.This issue affects Fireware OS: from 12.0 through 12.11.6, from 12.5 through 12.5.15, from 2025.1 through 2026.0.",
  "id": "GHSA-75v6-gf74-7fjw",
  "modified": "2026-01-30T15:31:14Z",
  "published": "2026-01-30T15:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1498"
    },
    {
      "type": "WEB",
      "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-78X9-6J67-9RJ6

Vulnerability from github – Published: 2025-01-14 12:31 – Updated: 2025-01-14 12:31
VLAI
Details

A vulnerability has been identified in Mendix LDAP (All versions < V1.1.2). Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56841"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-14T11:15:17Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability has been identified in Mendix LDAP (All versions \u003c V1.1.2). Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification.",
  "id": "GHSA-78x9-6j67-9rj6",
  "modified": "2025-01-14T12:31:50Z",
  "published": "2025-01-14T12:31:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56841"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-314390.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-7M6R-FHH7-R47C

Vulnerability from github – Published: 2026-03-11 00:23 – Updated: 2026-03-11 05:47
VLAI
Summary
Parse Server vulnerable to LDAP injection via unsanitized user input in DN and group filter construction
Details

Impact

The LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input (authData.id) is interpolated directly into LDAP Distinguished Names (DN) and group search filters without escaping special characters. This allows an attacker with valid LDAP credentials to manipulate the bind DN structure and to bypass group membership checks. This enables privilege escalation from any authenticated LDAP user to a member of any restricted group.

The vulnerability affects Parse Server deployments that use the LDAP authentication adapter with group-based access control.

Patches

The vulnerability is fixed by escaping user input before interpolation into DN strings (per RFC 4514) and LDAP filter strings (per RFC 4515).

Workarounds

There is no known workaround.

References

  • GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-7m6r-fhh7-r47c
  • Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.13
  • Fix Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.26
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0-alpha.1"
            },
            {
              "fixed": "9.5.2-alpha.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.6.26"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-31828"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-11T00:23:21Z",
    "nvd_published_at": "2026-03-10T22:16:20Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nThe LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input (`authData.id`) is interpolated directly into LDAP Distinguished Names (DN) and group search filters without escaping special characters. This allows an attacker with valid LDAP credentials to manipulate the bind DN structure and to bypass group membership checks. This enables privilege escalation from any authenticated LDAP user to a member of any restricted group.\n\nThe vulnerability affects Parse Server deployments that use the LDAP authentication adapter with group-based access control.\n\n### Patches\n\nThe vulnerability is fixed by escaping user input before interpolation into DN strings (per [RFC 4514](https://datatracker.ietf.org/doc/html/rfc4514#section-2.4)) and LDAP filter strings (per [RFC 4515](https://datatracker.ietf.org/doc/html/rfc4515#section-3)).\n\n### Workarounds\n\nThere is no known workaround.\n\n### References\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-7m6r-fhh7-r47c\n- Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.13\n- Fix Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.26",
  "id": "GHSA-7m6r-fhh7-r47c",
  "modified": "2026-03-11T05:47:03Z",
  "published": "2026-03-11T00:23:21Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-7m6r-fhh7-r47c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31828"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/parse-community/parse-server"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/releases/tag/8.6.26"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/releases/tag/9.5.2-alpha.13"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Parse Server vulnerable to LDAP injection via unsanitized user input in DN and group filter construction"
}

GHSA-82MG-X548-GQ3J

Vulnerability from github – Published: 2020-08-31 22:49 – Updated: 2021-09-23 19:58
VLAI
Summary
LDAP Injection in ldapauth
Details

Versions 2.2.4 and earlier of ldapauth-fork are affected by an LDAP injection vulnerability. This allows an attacker to inject and run arbitrary LDAP commands via the username parameter.

Recommendation

ldapauth is not actively maintained, having not seen a publish since 2014. As a result, there is no patch available. Consider updating to use ldapauth-fork 2.3.3 or greater.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "ldapauth-fork"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 2.2.4"
      },
      "package": {
        "ecosystem": "npm",
        "name": "ldapauth"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-7294"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:07:59Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Versions 2.2.4 and earlier of `ldapauth-fork` are affected by an LDAP injection vulnerability. This allows an attacker to inject and run arbitrary LDAP commands via the username parameter.\n\n\n\n## Recommendation\n\nldapauth is not actively maintained, having not seen a publish since 2014. As a result, there is no patch available. Consider updating to use [ldapauth-fork](https://www.npmjs.com/package/ldapauth-fork) 2.3.3 or greater.",
  "id": "GHSA-82mg-x548-gq3j",
  "modified": "2021-09-23T19:58:02Z",
  "published": "2020-08-31T22:49:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7294"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vesse/node-ldapauth-fork/issues/21"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vesse/node-ldapauth-fork/commit/3feea43e243698bcaeffa904a7324f4d96df60e4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vesse/node-ldapauth-fork"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/18"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/19"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/09/18/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/09/18/8"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/09/21/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "LDAP Injection in ldapauth"
}

GHSA-8HC5-RMGF-QX6P

Vulnerability from github – Published: 2023-11-29 21:33 – Updated: 2023-11-29 21:33
VLAI
Summary
Keycloak vulnerable to LDAP Injection on UsernameForm Login
Details

A flaw was found in the Keycloak package. This flaw allows an attacker to benefit from an LDAP query and access existing usernames in the server.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-ldap-federation"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "23.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "23.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-2232"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-29T21:33:07Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "A flaw was found in the Keycloak package. This flaw allows an attacker to benefit from an LDAP query and access existing usernames in the server.",
  "id": "GHSA-8hc5-rmgf-qx6p",
  "modified": "2023-11-29T21:33:07Z",
  "published": "2023-11-29T21:33:07Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keycloak/keycloak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Keycloak vulnerable to LDAP Injection on UsernameForm Login"
}

GHSA-8P37-98J5-XM75

Vulnerability from github – Published: 2022-05-17 03:03 – Updated: 2022-05-17 03:03
VLAI
Details

EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-9870"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-23T07:59:00Z",
    "severity": "HIGH"
  },
  "details": "EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system.",
  "id": "GHSA-8p37-98j5-xm75",
  "modified": "2022-05-17T03:03:05Z",
  "published": "2022-05-17T03:03:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9870"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/540020/30/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95626"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9PFQ-C8XC-7Q54

Vulnerability from github – Published: 2026-05-19 12:31 – Updated: 2026-05-19 21:32
VLAI
Details

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 24.09.06.

Users are recommended to upgrade to version 24.09.06, which fixes the issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-41919"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-19T10:16:24Z",
    "severity": "CRITICAL"
  },
  "details": "Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027) vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the issue.",
  "id": "GHSA-9pfq-c8xc-7q54",
  "modified": "2026-05-19T21:32:03Z",
  "published": "2026-05-19T12:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41919"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/592czh9o69n74c036vy30fnqknocw74p"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/19/27"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C3FC-8QFF-9HWX

Vulnerability from github – Published: 2026-04-17 18:31 – Updated: 2026-04-18 01:06
VLAI
Summary
Bouncy Castle has an LDAP injection
Details

Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper.

This issue affects BC-JAVA: from 1.74 before 1.84.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.bouncycastle:bcprov-jdk14"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.74"
            },
            {
              "fixed": "1.84"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.bouncycastle:bcprov-jdk15to18"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.74"
            },
            {
              "fixed": "1.84"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.bouncycastle:bcprov-jdk18on"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.74"
            },
            {
              "fixed": "1.84"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-0636"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-18T01:06:02Z",
    "nvd_published_at": "2026-04-15T10:16:38Z",
    "severity": "MODERATE"
  },
  "details": "Improper neutralization of special elements used in an LDAP query (\u0027LDAP injection\u0027) vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper.\n\nThis issue affects BC-JAVA: from 1.74 before 1.84.",
  "id": "GHSA-c3fc-8qff-9hwx",
  "modified": "2026-04-18T01:06:02Z",
  "published": "2026-04-17T18:31:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0636"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bcgit/bc-java"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/RE:M/U:Amber",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Bouncy Castle has an LDAP injection"
}

GHSA-C745-X889-V4RC

Vulnerability from github – Published: 2022-05-17 00:47 – Updated: 2025-04-20 03:45
VLAI
Details

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14596"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-20T18:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.",
  "id": "GHSA-c745-x889-v4rc",
  "modified": "2025-04-20T03:45:35Z",
  "published": "2022-05-17T00:47:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14596"
    },
    {
      "type": "WEB",
      "url": "https://blog.ripstech.com/2017/joomla-takeover-in-20-seconds-with-ldap-injection-cve-2017-14596"
    },
    {
      "type": "WEB",
      "url": "https://developer.joomla.org/security-centre/711-20170902-core-ldap-information-disclosure"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100898"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039407"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CHJ8-5XGW-WCVJ

Vulnerability from github – Published: 2019-01-07 19:14 – Updated: 2021-09-09 18:04
VLAI
Summary
Moderate severity vulnerability that affects org.apache.karaf:apache-karaf
Details

Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.karaf:apache-karaf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-8750"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:31:46Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.",
  "id": "GHSA-chj8-5xgw-wcvj",
  "modified": "2021-09-09T18:04:45Z",
  "published": "2019-01-07T19:14:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8750"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1322"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-chj8-5xgw-wcvj"
    },
    {
      "type": "WEB",
      "url": "https://karaf.apache.org/security/cve-2016-8750.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103098"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Moderate severity vulnerability that affects org.apache.karaf:apache-karaf"
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
CAPEC-136: LDAP Injection

An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.