[jira] [Created] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

Richard N. Hillegas (Jira) Mon, 07 Nov 2022 05:16:12 -0800

Richard N. Hillegas created DERBY-7147:
------------------------------------------


             Summary: LDAP injection vulnerability in LDAPAuthenticationImpl
                 Key: DERBY-7147
                 URL: https://issues.apache.org/jira/browse/DERBY-7147
             Project: Derby
          Issue Type: Bug
          Components: JDBC
    Affects Versions: 10.16.1.1
            Reporter: Richard N. Hillegas
            Assignee: Richard N. Hillegas


An LDAP injection vulnerability has been identified in 
LDAPAuthenticationSchemeImpl.getDNFromUID(). An exploit has not been provided, 
but there is a possibility that an intruder could bypass authentication checks 
in Derby-powered applications which rely on external LDAP servers.

For more information on LDAP injection, see 
https://www.synopsys.com/glossary/what-is-ldap-injection.html




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (DERBY-7147) LDAP injection vulnerability in LDAPAuthenticationImpl

Reply via email to