Closed valodzka closed 2 years ago
This might help to improve the implementation: https://rules.sonarsource.com/python/RSPEC-2078
Until the code is improved, if I'm not mistaken, using a query like this should improve the situation:
X-Ldap-Template: (&(cn=%(username)s)(|(memberOf=x)(memberOf=y)))
Thanks! Addressed with https://github.com/nginxinc/nginx-ldap-auth/commit/763f23b29785d96dc2dafbc68524b393eef212f6
For future reference, please direct security issues to security-alerts@nginx.org
I don't understand how that commit addresses the issue.
Will there be a release tag with this included?
I also don't see how it was fixed.
Also, emails return:
450 4.1.1 <security-alerts@nginx.org>: Recipient address rejected: User unknown in virtual mailbox table
Using simple Python formatting for X-Ldap-Template and user input opens the door to LDAP query injection attacks. For example:
Then passing username:
x))((cn=username
bypasses the group check.