28 lines
962 B
Plaintext
28 lines
962 B
Plaintext
=== What is the potential impact?
|
|
|
|
In the context of a web application vulnerable to LDAP injection: after
|
|
discovering the injection point, attackers insert data into the vulnerable
|
|
field to execute malicious LDAP commands.
|
|
|
|
The impact of this vulnerability depends on how vital LDAP servers are to the
|
|
organization.
|
|
|
|
Below are some real-world scenarios that illustrate some impacts of an attacker
|
|
exploiting the vulnerability.
|
|
|
|
==== Data leakage or corruption
|
|
|
|
In typical scenarios where systems perform innocuous LDAP operations to find
|
|
users or create inventories, an LDAP injection could result in data
|
|
leakage or corruption.
|
|
|
|
==== Privilege escalation
|
|
|
|
A malicious LDAP query could allow an attacker to impersonate a low-privileged
|
|
user or an administrator in scenarios where systems perform authorization
|
|
checks or authentication.
|
|
|
|
Attackers use this vulnerability to find multiple footholds on target
|
|
organizations by gathering authentication bypasses.
|
|
|