CX LDAP_Injection @ src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02571.java [main]
LDAP_Injection issue exists @ src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02571.java in branch main
The application's doPost method constructs an LDAP query at line 86 of src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02571.java, embedding an untrusted string into the query (sink: search) without proper sanitization. The constructed string is then used to query an LDAP server, for authentication or data retrieval. Because the value reaches the filter unescaped, an attacker who controls it can change the structure of the LDAP query rather than just an attribute value, which is an LDAP Injection attack. The tainted value originates in the user input read by doPost at line 43 of src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02571.java (source: getQueryString) and flows through the code to the LDAP server without sanitization. Similarity ID: -1592791031
Severity: High
CWE: 90 (Improper Neutralization of Special Elements used in an LDAP Query)
Vulnerability details and guidance
Lines: 43
String queryString = request.getQueryString();
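The following is an added example, not code from OWASP Benchmark or from the scanner output above. It shows the pattern the finding describes (a raw query-string value concatenated into an LDAP search filter) beside a hardened form that escapes the value per RFC 4515 before it is embedded. The class and method names (LdapFilterExample, vulnerableFilter, safeFilter, escapeFilterValue, paramFromQueryString), the (uid=...) filter shape, the query-string parsing, and the sample query string are all assumptions made for the example; the real sink at line 86 is not reproduced here.

```java
import java.nio.charset.StandardCharsets;

public class LdapFilterExample {

    // Assumed shape of the flaw in the finding: the raw value from the query
    // string is concatenated straight into an LDAP search filter. This mirrors
    // the pattern, it is not a copy of BenchmarkTest02571 line 86.
    static String vulnerableFilter(String untrusted) {
        return "(uid=" + untrusted + ")";
    }

    // Hardened form: the value is escaped so it can only ever be a literal
    // attribute value, never a new filter clause.
    static String safeFilter(String untrusted) {
        return "(uid=" + escapeFilterValue(untrusted) + ")";
    }

    // RFC 4515 section 3 escaping of an assertion value: '*', '(', ')', '\'
    // and NUL must be written as \XX (two hex digits). Control characters and
    // non-ASCII code points are also hex-encoded byte by byte, which RFC 4515
    // permits for any octet.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); ) {
            int cp = value.codePointAt(i);
            i += Character.charCount(cp);
            switch (cp) {
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\\': sb.append("\\5c"); break;
                case 0:    sb.append("\\00"); break;
                default:
                    if (cp < 0x20 || cp > 0x7e) {
                        byte[] utf8 = new String(Character.toChars(cp))
                                .getBytes(StandardCharsets.UTF_8);
                        for (byte b : utf8) {
                            sb.append(String.format("\\%02x", b & 0xff));
                        }
                    } else {
                        sb.append((char) cp);
                    }
            }
        }
        return sb.toString();
    }

    // Pull one name=value pair out of a raw query string, the way code that
    // reads request.getQueryString() has to before it can use the value
    // (our own parsing for the example, not the benchmark's). No URL decoding
    // is done here, so percent-encoded metacharacters would still arrive raw
    // at the filter after a decoding step elsewhere; escape at the sink.
    static String paramFromQueryString(String queryString, String name) {
        if (queryString == null) return null;
        for (String pair : queryString.split("&")) {
            int eq = pair.indexOf('=');
            String key = eq < 0 ? pair : pair.substring(0, eq);
            if (key.equals(name)) {
                return eq < 0 ? "" : pair.substring(eq + 1);
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample: a query string whose value tries to turn the
        // single-uid lookup into a match on every entry.
        String rawQuery = "BenchmarkTest02571=*)(uid=*))(|(uid=*";
        String value = paramFromQueryString(rawQuery, "BenchmarkTest02571");

        System.out.println("vulnerable filter: " + vulnerableFilter(value));
        System.out.println("hardened filter:   " + safeFilter(value));
    }
}
```

Running it shows the difference the finding is about: in the vulnerable filter the attacker's parentheses and wildcards close the intended (uid=...) clause and open clauses of their own, so the server evaluates a query the developer never wrote; in the hardened filter every metacharacter is a \XX escape and the whole value is one literal uid assertion. Escaping at the sink is the fix Checkmarx is asking for; where the value has a known shape (a username, an account id) an allowlist check before it reaches the filter is a reasonable second layer. javax.naming.directory.DirContext also has a search overload that takes a filterArgs array for {0}-style placeholders; if you switch to it, confirm that your LDAP provider escapes those arguments rather than assuming it.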