Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (CWE ID 90)

17 Jan 2022


      I am Using SearchControls constraints = new SearchControls(); NamingEnumeration answer = ctx.search("DC=YourDomain,DC=com", "sAMAccountName=" + username, constraints); when i Run the Varacode Dynamic scan i am getting the Improper Neutralization of Special Elements
used in an LDAP Query ('LDAP Injection') when i debug i can see { constraints } is printing Special Characters like example ( specila@345678) so any solution or else any other alternate way to use instead of SearchControls

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (CWE ID 90)