=== What is the potential impact?

In the context of a web application vulnerable to LDAP injection: after
discovering the injection point, attackers insert data into the vulnerable
field to execute malicious LDAP commands.

The impact of this vulnerability depends on how vital LDAP servers are to the
organization.

Below are some real-world scenarios that illustrate some impacts of an attacker
exploiting the vulnerability.

==== Data leakage or corruption

In typical scenarios where systems perform innocuous LDAP operations to find
users or create inventories, an LDAP injection could result in data 
leakage or corruption.

==== Privilege escalation

A malicious LDAP query could allow an attacker to impersonate a low-privileged
user or an administrator in scenarios where systems perform authorization
checks or authentication.

Attackers use this vulnerability to find multiple footholds on target
organizations by gathering authentication bypasses.