matomo-org / matomo

Empowering People Ethically with the leading open source alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. Liberating Web Analytics. Star us on Github? +1. And we love Pull Requests!
https://matomo.org/
GNU General Public License v3.0

LDAP Injection #14987

Closed JeyakumarThangaraj closed 4 years ago

JeyakumarThangaraj commented 4 years ago

Dear Team,

LDAP injection has been found on the piwik request in both Android and iOS. Kindly advise how to resolve this issue. Please find the reference: https://github.com/matomo-org/matomo-sdk-android/issues/266

Find the details below: LDAP injection attempt ( uid )

• Signature Type: Request
• Attack Type: LDAP Injection
• Accuracy: Low
• Risk: Low

Regards, Jeyakumar


Findus23 commented 4 years ago

As I already mentioned in https://github.com/matomo-org/matomo-sdk-android/issues/266#issuecomment-539550618: Please use the intended ways to report security issues (so HackerOne or a mail to security@matomo.org). And most importantly, please provide more details: