• Description

app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. Because user input is not sanitized, specially crafted queries can escape the provided search filter, which results in an information leak.

  • Additional Information

Repo link: https://github.com/LibrIT/passhport

  • Vulnerability Type

CWE-090: LDAP Injection

  • Vendor of Product

LibrIT

  • Affected Product Code Base

passhport - <= Grive

  • Affected Component

passhportd/app/views_mod/user/user.py -> (line 77) login = request.form["login"] -> (line 85) result = try_login(login, password) -> (line 66) return try_ldap_login(login, password) -> (line 51) uid = useruid(s, login) -> (line 29) login not sanitized

  • Attack Vectors

To exploit this vulnerability an attacker has to craft a query escaping the search filter.
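
The missing sanitization step, shown as an added example that is not PaSSHport's own code: the value is escaped per RFC 4515 before it is placed into the search filter. The `(uid={})` template, the function names and the sample inputs are assumptions made for illustration.

```python
# Added example (not PaSSHport code). The "(uid={})" filter template and all
# function names here are assumptions; sample inputs are constructed.

# RFC 4515 section 3: inside an assertion value these characters must be
# written as backslash + two hex digits.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Hex-escape LDAP filter metacharacters in a single pass."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def unsafe_filter(login: str) -> str:
    """Pattern the advisory describes: login inserted without escaping."""
    return "(uid={})".format(login)


def safe_filter(login: str) -> str:
    """Same template, with the login escaped before insertion."""
    return "(uid={})".format(escape_filter_value(login))


def alters_structure(flt: str) -> bool:
    """True if the filter is no longer one exact-match term: extra raw
    parentheses or a raw wildcard survived into the filter string."""
    return flt.count("(") != 1 or flt.count(")") != 1 or "*" in flt


if __name__ == "__main__":
    # Constructed inputs: a normal login and two containing metacharacters.
    for login in ("alice", "al*", "x)(cn=y"):
        print(repr(login), unsafe_filter(login), safe_filter(login),
              alters_structure(unsafe_filter(login)),
              alters_structure(safe_filter(login)))
```

In application code, the LDAP library's own helper (for example `escape_filter_chars` in python-ldap's `ldap.filter` or in `ldap3.utils.conv`) is preferable to a hand-written table.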

  • References

https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-2078

https://owasp.org/www-community/attacks/LDAP_Injection

https://portswigger.net/kb/issues/00100500_ldap-injection