OWASP Periodic Table of Vulnerabilities - LDAP Injection
Root Cause Summary
LDAP queries are formed using dynamic data without performing proper encoding, allowing the data to change the functional meaning of the query.
Browser / Standards Solution
Generic Framework Solution
The framework should provide safe libraries for interacting with LDAP servers which automatically encode unsafe data. The framework should not allow application code to directly interact with LDAP servers.
Custom Framework Solution
Custom Code Solution
Discussion / Controversy