
Login Bypass via LDAP Injection vulnerability detected

Discussion regarding Joomla! 5.x security issues.

Moderators: mandville, General Support Moderators

dudedowne
Joomla! Apprentice
Posts: 26
Joined: Wed Oct 21, 2020 6:24 pm

Login Bypass via LDAP Injection vulnerability detected

Post by dudedowne » Mon Jul 29, 2024 3:08 pm

Hello,
We have begun testing our site for update to Joomla 5.1.2. Our security team ran a Web Application Scan and reported this vulnerability.

I have verified that we do not have any LDAP plugins enabled.

Is there a remediation for this vulnerability?

Could this be a false positive since we do not have LDAP enabled?

Thanks in advance for any information you can provide!

DD


Login Bypass via LDAP Injection
CWE http://cwe.mitre.org/data/definitions/90.html

Details
Threat
LDAP injection enables an attacker to modify the syntax of an LDAP query in order to retrieve, corrupt or delete data from the LDAP database. This is accomplished by manipulating query criteria in a manner that affects the query's logic. The typical causes of this vulnerability are lack of input validation and insecure construction of the LDAP query.

Queries created by concatenating strings with LDAP syntax and user-supplied data are prone to this vulnerability. If any part of the string concatenation can be modified, the meaning of the query can be changed. WAS scan checks if there was a successful login with injected queries.

Impact
The scope of an LDAP injection exploit varies greatly. If any LDAP statement can be injected into the query, the attacker has the equivalent access of an LDAP database administrator. This access could lead to theft of data, malicious corruption of data, or deletion of data.

Solution
LDAP injection vulnerabilities can be mitigated with input validation and enhanced LDAP security.
All input received from the web client should be validated for correct content. If a value's type or content range is known beforehand, then stricter filters should be applied. For example, an email address should be in a specific format and only contain characters that make it a valid address, or numeric fields like a U.S. zip code should be limited to five-digit values.

LDAP injection exploits can be mitigated by the use of Access Control Lists or role-based access within the database. For example, a read-only account would prevent an attacker from modifying data, but would not prevent the attacker from viewing unauthorized data. Table and row-based access controls potentially minimize the scope of a compromise, but they do not prevent exploits.
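
An added example (not part of the original post, the scan report, or Joomla's code) of the concatenation problem and the input-validation fix the report describes, in Python. The filter template, attribute names, the username allow-list and the sample input are assumptions constructed for illustration.

```python
import re

# RFC 4515: these characters are filter syntax and must be written as \XX
# when they appear inside an assertion value.
_FILTER_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Hypothetical site policy for login names (allow-list, assumed for this example).
_USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    # Per-character mapping, so an escaped backslash is never escaped twice.
    return "".join(_FILTER_SPECIALS.get(ch, ch) for ch in value)


def is_valid_username(value: str) -> bool:
    """Input validation: accept only the expected content range."""
    return _USERNAME_RE.fullmatch(value) is not None


def filter_by_concatenation(username: str) -> str:
    """The pattern the report warns about: user data pasted into the query."""
    return "(&(objectClass=person)(uid=" + username + "))"


def filter_escaped(username: str) -> str:
    """Same template, with the user-supplied value escaped first."""
    return "(&(objectClass=person)(uid=" + escape_filter_value(username) + "))"


def count_components(ldap_filter: str) -> int:
    """Number of literal '(' characters, i.e. filter components the server parses."""
    return ldap_filter.count("(")


def compare(username: str) -> dict:
    """Show how each construction treats the same input."""
    return {
        "valid": is_valid_username(username),
        "concatenated": count_components(filter_by_concatenation(username)),
        "escaped": count_components(filter_escaped(username)),
    }


if __name__ == "__main__":
    for sample in ("jsmith", "x)(y=*"):  # constructed inputs
        print(repr(sample), compare(sample))
```

With escaping, the filter keeps its three components whatever the input contains; with concatenation, the input decides the structure. In PHP, the language Joomla is written in, the built-in `ldap_escape()` with the `LDAP_ESCAPE_FILTER` flag performs this escaping.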

toivo
Joomla! Master
Posts: 17739
Joined: Thu Feb 15, 2007 5:48 am
Location: Sydney, Australia

Re: Login Bypass via LDAP Injection vulnerability detected

Post by toivo » Mon Jul 29, 2024 10:10 pm

It sounds like a false positive. Did the security team not provide any details on how this far-fetched vulnerability was found? CWE-90 is generic, not language-specific and Joomla is not mentioned. It was first reported in July 2006, a few weeks before Joomla 1.0.10 was released.

On the other hand, an LDAP vulnerability was reported on July 27, 2017, affecting Joomla versions from 1.5.0 to 3.7.5. Joomla 3.8.0 was released on September 19, 2017.

Ref. 1 CVE-2017-14596
Ref. 2 Security Announcements - [20170902] - Core - LDAP Information Disclosure
Toivo Talikka, Global Moderator
