Improperly implemented security check for standard

ID

scala.ldap.scala_ldap_rule_anonymousldap

Severity

low

Resource

Ldap

Language

Scala

Description

This rule flags code that opens a JNDI LDAP context with Context.SECURITY_AUTHENTICATION set to "none", that is, an anonymous bind. Any LDAP statement executed over such a context, including one that contains a user-controlled value, runs with whatever rights the directory grants unauthenticated clients, and a helper that hard-codes the anonymous mode silently overrides the credentials a caller intended to verify.

Rationale

An anonymous bind carries no identity, so the directory cannot apply per-user access control to the searches, compares or modifications issued over that context; they succeed or fail only according to what the server allows anonymous clients to do. Because Context.SECURITY_AUTHENTICATION is just another entry in the environment Hashtable, a shared helper that sets it to "none" after the caller has populated the table overrides the caller's "simple" setting, and a credential check built on that helper no longer checks the password at all. An attacker who can reach such code, or who can place a user-controlled value into a statement executed over the anonymous context, therefore gets to probe or modify the directory to the full extent of its anonymous-access configuration.

The following code illustrates a vulnerable pattern detected by this rule:

import java.util.Hashtable
import javax.naming.Context
import javax.naming.directory.InitialDirContext

object AnonymousLDAP {
  private val ldapURI = "ldaps://ldap.server.com/dc=ldap,dc=server,dc=com"
  private val contextFactory = "com.sun.jndi.ldap.LdapCtxFactory"

  @throws[Exception]
  private def ldapContext(env: Hashtable[String, String]) = {
    env.put(Context.INITIAL_CONTEXT_FACTORY, contextFactory)
    env.put(Context.PROVIDER_URL, ldapURI)
    // VULNERABLE: Improperly implemented security check for standard
    // The shared helper forces an anonymous bind, silently replacing whatever
    // authentication mode the caller already put into env.
    env.put(Context.SECURITY_AUTHENTICATION, "none")
    val ctx = new InitialDirContext(env)
    ctx
  }

  @throws[Exception]
  def testBind(dn: String, password: String): Boolean = {
    val env = new Hashtable[String, String]
    env.put(Context.SECURITY_AUTHENTICATION, "simple") // false positive: "simple" is not flagged

    env.put(Context.SECURITY_PRINCIPAL, dn)
    env.put(Context.SECURITY_CREDENTIALS, password)
    // ldapContext overwrites "simple" with "none", so the principal and
    // credentials are never sent; if the server permits anonymous access the
    // bind succeeds and this returns true regardless of the password.
    try ldapContext(env)
    catch {
      case e: javax.naming.AuthenticationException =>
        return false
    }
    true
  }
}

Remediation

Set Context.SECURITY_AUTHENTICATION to "simple" (or to a SASL mechanism the server supports) and supply Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS for every context the application opens; do not hard-code "none" in a shared helper whose callers expect their own environment settings to be honoured. Use an ldaps:// URL (or StartTLS) so that a simple bind does not send the password in clear text. Reject an empty password before binding: RFC 4513 treats a simple bind with a DN and an empty password as an "unauthenticated" bind, which many servers answer with success for the anonymous identity, so a successful bind with an empty password does not prove the credential. Close the context once the check is done.
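The following is an added, hardened counterpart to the vulnerable pattern above; it is example code written for this page, not part of the rule or of the project that defines it. The server URL, the object name AuthenticatedLDAP and the helper bindEnv are assumptions. The authentication mode is fixed inside the helper rather than taken from a caller-supplied table, an empty DN or password is refused before the network is touched, and the context is always closed.

```scala
import java.util.Hashtable
import javax.naming.{AuthenticationException, Context}
import javax.naming.directory.InitialDirContext

// Assumed names: AuthenticatedLDAP, bindEnv and the ldaps URL are
// placeholders chosen for this example.
object AuthenticatedLDAP {
  private val ldapURI = "ldaps://ldap.server.com/dc=ldap,dc=server,dc=com"
  private val contextFactory = "com.sun.jndi.ldap.LdapCtxFactory"

  // Builds the environment for an authenticated simple bind over LDAPS.
  // The mechanism is set here and nowhere else, so no caller can downgrade
  // it to "none" and no shared helper can override what a caller set.
  private def bindEnv(dn: String, password: String): Hashtable[String, String] = {
    val env = new Hashtable[String, String]
    env.put(Context.INITIAL_CONTEXT_FACTORY, contextFactory)
    env.put(Context.PROVIDER_URL, ldapURI)
    env.put(Context.SECURITY_AUTHENTICATION, "simple")
    env.put(Context.SECURITY_PRINCIPAL, dn)
    env.put(Context.SECURITY_CREDENTIALS, password)
    env
  }

  // Returns true only if the directory accepted the DN/password pair.
  // Connection or configuration failures propagate as NamingException so the
  // caller cannot mistake an outage for a rejected credential.
  def testBind(dn: String, password: String): Boolean = {
    // A simple bind with an empty password is an "unauthenticated" bind
    // (RFC 4513, section 5.1.2); most servers answer it with success for the
    // anonymous identity, so it must never count as a verified login.
    if (dn.isEmpty || password.isEmpty) return false

    var ctx: InitialDirContext = null
    try {
      ctx = new InitialDirContext(bindEnv(dn, password))
      true
    } catch {
      case _: AuthenticationException => false
    } finally {
      if (ctx != null) ctx.close()
    }
  }
}
```

Only AuthenticationException is mapped to false; any other NamingException (unreachable host, TLS failure, bad base DN) is left to propagate, which is what a practitioner usually wants from a credential check. The empty-password guard is the part most often missed: with the vulnerable helper above the password was ignored outright, but even with "simple" set correctly an empty credential can still yield an anonymous bind the server reports as a success.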

Configuration

This detector does not need any configuration.
