dc: example

dn: ou=People,dc=example,dc=com
ou: People
objectClass: dcObject
objectClass: organizationalUnit
dc: example

dn: cn=Manager,ou=People,dc=example,dc=com
cn: Manager
sn: John Watson
# Several objectClass definitions here (omitted)
userPassword: secret1
mail: john@holmesassociates.com

dn: cn=Senior Manager,ou=People,dc=example,dc=com
cn: Senior Manager
sn: Sherlock Holmes
# Several objectClass definitions here (omitted)
userPassword: secret2
mail: sherlock@holmesassociates.com
A search for a valid user name and password often takes the form
(&(sn=<USERSN>)(userPassword=<USERPASSWORD>))
However, an attacker could bypass authentication by supplying S* as USERSN and * as USERPASSWORD. Because neither value is escaped before it is placed in the filter, the resulting filter (&(sn=S*)(userPassword=*)) matches every record whose sn attribute begins with S, regardless of its password. In the directory above that is the Senior Manager entry for Sherlock Holmes, so the attacker is authenticated as that user without knowing secret2.
An authentication routine that permitted LDAP injection would allow unauthorized
users to log in. Likewise, a search routine would allow an attacker to discover part or all
of the data in the directory.
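The following Python is an added example, not code from the standard or from its searchRecord() method. It models the filter above against an in-memory copy of the two People entries, shows the wildcard bypass the text describes, and shows the RFC 4515 escaping of the user-supplied values that defeats it. The directory data, the toy filter evaluator and every function name here are constructed for this illustration; a real server applies each attribute's own matching rule, which the toy evaluator does not.

```python
"""Added example (not from the CERT standard): an unescaped LDAP filter is
bypassed with wildcards; RFC 4515 escaping of the inputs stops the bypass."""
import re

# Constructed in-memory copy of the two People entries from the LDIF above.
DIRECTORY = [
    {"dn": "cn=Manager,ou=People,dc=example,dc=com",
     "sn": "John Watson", "userPassword": "secret1"},
    {"dn": "cn=Senior Manager,ou=People,dc=example,dc=com",
     "sn": "Sherlock Holmes", "userPassword": "secret2"},
]


def escape_filter_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 section 3: '*', '(', ')',
    '\\' and NUL become \\XX hex escapes, so the server matches them
    literally instead of interpreting them as filter syntax."""
    out = []
    for ch in value:
        if ch in "*()\\\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def build_filter(sn: str, password: str, escape: bool) -> str:
    """Build the page's filter. escape=False is the vulnerable string
    concatenation; escape=True is the hardened form."""
    if escape:
        sn, password = escape_filter_value(sn), escape_filter_value(password)
    return "(&(sn=%s)(userPassword=%s))" % (sn, password)


# Toy evaluator (hypothetical, not an LDAP library): one equality term.
_EQ = re.compile(r"\((\w+)=([^()]*)\)")


def _value_matches(pattern: str, actual: str) -> bool:
    """An unescaped '*' is a wildcard; a \\XX escape is a literal byte."""
    regex = ""
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 2 < len(pattern):
            regex += re.escape(chr(int(pattern[i + 1:i + 3], 16)))
            i += 3
        elif ch == "*":
            regex += ".*"
            i += 1
        else:
            regex += re.escape(ch)
            i += 1
    return re.fullmatch(regex, actual) is not None


def search(filter_str: str) -> list:
    """Evaluate a filter shaped like (&(attr=val)(attr=val)...) against
    DIRECTORY and return the DNs of matching entries."""
    if not filter_str.startswith("(&"):
        raise ValueError("unsupported filter: " + filter_str)
    terms = _EQ.findall(filter_str)
    if not terms:
        raise ValueError("unsupported filter: " + filter_str)
    return [entry["dn"] for entry in DIRECTORY
            if all(_value_matches(value, entry.get(attr, ""))
                   for attr, value in terms)]


if __name__ == "__main__":
    # Legitimate login: one matching entry.
    print(search(build_filter("John Watson", "secret1", True)))
    # Injection from the text: sn=S* with password=* matches Sherlock Holmes
    # even though no password was supplied.
    print(search(build_filter("S*", "*", False)))
    # Same input through the escaping path: the '*' is now literal, no match.
    print(search(build_filter("S*", "*", True)))
```

Escaping the values is the minimum fix for the filter itself. Independently of that, comparing userPassword inside a search filter is a weak way to authenticate: the usual approach is to search only for the user's DN with an escaped filter and then perform an LDAP bind as that DN with the supplied password, so the server checks the credential.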
Noncompliant Code Example
This noncompliant code example allows a caller of the method searchRecord() to search for a record in the directory using the LDAP protocol. The string filter is used to filter the result set for those entries that match a user name and password supplied by the caller.