ldap-injection-anti-pattern
LDAP Injection Anti-Pattern
Severity: High
Summary
LDAP injection occurs when user input is inserted into LDAP queries without escaping special characters. Attackers inject those characters to manipulate query logic, enabling authentication bypass, unauthorized data access, privilege escalation, and directory structure disclosure.
The Anti-Pattern
Never build LDAP filters by concatenating unescaped user input. Special characters alter filter structure and meaning.
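How escaping keeps the filter structure fixed, as an added example that is not part of the original skill file: it applies the RFC 4515 value escaping with the standard library only and compares the filter built both ways. The helper names (escape_filter_value, build_filter_unsafe, build_filter_safe, assertion_count, has_wildcard), the filter template and the sample inputs are assumptions constructed for illustration.

```python
# Added example: RFC 4515 value escaping, standard library only.
# All helper names and the filter template are hypothetical.
import re

# RFC 4515 section 3: inside an assertion value these characters must be
# written as a backslash followed by two hex digits.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it cannot change filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    # The anti-pattern: raw input concatenated into the filter string.
    return "(&(objectClass=person)(uid=" + username + "))"


def build_filter_safe(username: str) -> str:
    # Same template, but the value is escaped before insertion.
    return "(&(objectClass=person)(uid=" + escape_filter_value(username) + "))"


def assertion_count(ldap_filter: str) -> int:
    """Count attribute assertions: a literal '(' followed by an attribute name.
    Escaped parentheses appear as \\28 and are not counted."""
    return len(re.findall(r"\((?=[A-Za-z])", ldap_filter))


def has_wildcard(ldap_filter: str) -> bool:
    """True if the filter contains a literal '*' (presence/substring match)."""
    return "*" in ldap_filter


# Constructed sample inputs: one ordinary, two carrying filter metacharacters.
SAMPLES = ["jdoe", "*", "jdoe)(mail=*"]

if __name__ == "__main__":
    for s in SAMPLES:
        u, e = build_filter_unsafe(s), build_filter_safe(s)
        print(f"{s!r:16} unsafe: {u}  assertions={assertion_count(u)}")
        print(f"{'':16} safe:   {e}  assertions={assertion_count(e)}")
```

With python-ldap, `ldap.filter.escape_filter_chars` performs this escaping; a check like assertion_count is useful in unit tests to confirm that no input changes the number of assertions in a filter template.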
BAD Code Example
# VULNERABLE: Unescaped user input concatenated into LDAP filter
import ldap