[Go]: Add Improper LDAP Authentication query #762
Comments
Thank you for your contribution! This reminds me of github/codeql#5444, but using user-controlled data instead 🚀
🎉 Could you address github/codeql#13366 (comment)? It seems that your query should catch
Hi @jorgectf, I didn't realize that in v3 empty password option with Bind is disabled, sorry for the inconvenience 😅
Your submission is now in status Closed. For information, the evaluation workflow is the following:
Due to the fact that LDAP version 3 is not vulnerable, it will not be included in the query. However, the reviewer has said that it would make sense to add v2 to the query instead. 😄
Sorry for the delay, it has already been rewritten :)
Your submission is now in status Test run. For information, the evaluation workflow is the following:
Your submission is now in status Query review. For information, the evaluation workflow is the following:
Your submission is now in status Final decision. For information, the evaluation workflow is the following:
Your submission is now in status Pay. For information, the evaluation workflow is the following:
Created Hackerone report 2250587 for bounty 530077: [762] [Go]: Add Improper LDAP Authentication query
Your submission is now in status Closed. For information, the evaluation workflow is the following:
Query PR
github/codeql#13366
Language
GoLang
CVE(s) ID list
CWE
CWE-287
Report
This query covers Improper LDAP Authentication, which can occur when an application uses user-supplied data to establish a connection to an LDAP server.
I used a dataflow configuration looking for UntrustedFlowSource flowing to the password used in LDAP binding.
In order to avoid false positives I used RegexpCheck and equalityAsSanitizerGuard as barriers. For equalityAsSanitizerGuard I have taken as an example the equalityAsSanitizerGuard used in SSRF query. The difference here is that the query will consider whether the string to be compared is empty or not (this should avoid several possible FP).
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
Blog post link
No response
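The pattern the report describes, as an added Go example that is not taken from the query PR or from any LDAP library: a user-supplied password reaches a simple bind unchecked, beside a variant that rejects an empty password first. The `binder` interface, `fakeDirectory`, `loginUnsafe` and `loginChecked` are hypothetical names, and the directory is a constructed stand-in for a server that accepts unauthenticated binds.

```go
package main

import (
	"errors"
	"fmt"
)

// binder is a hypothetical stand-in for an LDAP connection's simple-bind call.
type binder interface {
	Bind(username, password string) error
}

// fakeDirectory (constructed) models a server that accepts an unauthenticated
// simple bind: a DN with an empty password succeeds (RFC 4513, section 5.1.2).
type fakeDirectory struct{ passwords map[string]string }

func (d fakeDirectory) Bind(username, password string) error {
	if password == "" {
		return nil // unauthenticated bind reported as success
	}
	if want, ok := d.passwords[username]; ok && want == password {
		return nil
	}
	return errors.New("invalid credentials")
}

var errEmptyPassword = errors.New("empty password rejected before bind")

// loginUnsafe passes the user-supplied password straight to Bind: the flow
// from untrusted input to the bind password that the report describes.
func loginUnsafe(c binder, dn, password string) error {
	return c.Bind(dn, password)
}

// loginChecked rejects an empty password before it can reach Bind.
func loginChecked(c binder, dn, password string) error {
	if password == "" {
		return errEmptyPassword
	}
	return c.Bind(dn, password)
}

func main() {
	dn := "cn=alice,dc=example,dc=org" // constructed sample entry
	dir := fakeDirectory{passwords: map[string]string{dn: "s3cret"}}
	fmt.Println("unsafe, empty password: ", loginUnsafe(dir, dn, ""))
	fmt.Println("checked, empty password:", loginChecked(dir, dn, ""))
	fmt.Println("checked, right password:", loginChecked(dir, dn, "s3cret"))
}
```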