Missing authentication for critical function (LDAP)
Description
Without proper access control, an LDAP operation built from a user-controlled value can let an attacker abuse a poorly configured LDAP context: with `SECURITY_AUTHENTICATION` set to `none`, the bind is anonymous and no credentials are checked.
Examples
Insecure Code
```kotlin
val env = Hashtable<String, Any>()
env[Context.SECURITY_AUTHENTICATION] = "none"  // anonymous bind: the directory checks no credentials
```
Secure Code
```kotlin
val env = Hashtable<String, Any>()
env[Context.SECURITY_AUTHENTICATION] = "simple"  // authenticated bind using SECURITY_PRINCIPAL and SECURITY_CREDENTIALS
```
Remediation
Configure authentication for LDAP connections by setting `Context.SECURITY_AUTHENTICATION` to a suitable method, such as `simple` or a strong (SASL) mechanism, and supply the bind principal and credentials.
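The remediation above carried through into a small helper, as an added example that is not part of this rule's own documentation or code. The server URL, bind DN and `LDAP_BIND_PASSWORD` environment variable are hypothetical; the helper rejects the `none` mode the rule flags, insists on `ldaps://` for a simple bind (otherwise the password travels in clear text), and refuses empty credentials, which many directories silently treat as an unauthenticated bind.

```kotlin
import java.util.Hashtable
import javax.naming.Context
import javax.naming.directory.InitialDirContext

// Authentication modes this helper accepts; "none" (anonymous bind) is deliberately excluded.
private val ALLOWED_AUTH = setOf("simple", "DIGEST-MD5", "GSSAPI")

/**
 * Build a JNDI environment for an authenticated LDAP bind.
 * A simple bind sends the password as-is, so it is only allowed over ldaps://.
 */
fun ldapEnv(url: String, principal: String, credentials: CharArray, auth: String = "simple"): Hashtable<String, Any> {
    require(auth in ALLOWED_AUTH) { "LDAP authentication mode '$auth' is not permitted (see CODE-0325)" }
    require(auth != "simple" || url.startsWith("ldaps://")) { "simple bind requires an ldaps:// URL" }
    // An empty password with a non-empty DN is an "unauthenticated bind" on many servers: it succeeds without proving identity.
    require(principal.isNotBlank() && credentials.isNotEmpty()) { "blank principal or empty credentials would degrade to an anonymous bind" }

    val env = Hashtable<String, Any>()
    env[Context.INITIAL_CONTEXT_FACTORY] = "com.sun.jndi.ldap.LdapCtxFactory"
    env[Context.PROVIDER_URL] = url
    env[Context.SECURITY_AUTHENTICATION] = auth
    env[Context.SECURITY_PRINCIPAL] = principal
    env[Context.SECURITY_CREDENTIALS] = credentials   // JNDI accepts a char[], which can be wiped after use
    return env
}

fun main() {
    // Hypothetical deployment values; the secret comes from the environment, never from source.
    val password = (System.getenv("LDAP_BIND_PASSWORD") ?: "").toCharArray()
    val env = ldapEnv("ldaps://ldap.example.com:636", "cn=app,ou=services,dc=example,dc=com", password)
    val ctx = InitialDirContext(env)   // performs the bind; throws AuthenticationException on bad credentials
    try {
        println("bound as ${ctx.environment[Context.SECURITY_PRINCIPAL]}")
    } finally {
        ctx.close()
        password.fill('\u0000')   // scrub the secret once the bind is done
    }
}
```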
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0325 |
| Category | Auth |
| Severity | MEDIUM |
| CWE | CWE-306 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | authentication, ldap |
| OWASP | A2:2017-Broken Authentication, A07:2021-Identification and Authentication Failures |