Closed stephanederer closed 3 years ago
It's not possible to validate username. LDAP-Login with asterisk, e.g. "myuser*ame" is possible, which enables wildcard injections. LDAP injection is maybe also possible.
Please describe a bit more what you mean, thanks.
cf. #126
Fixed with corresponding commit (but did not include a reference to this ticket so not closed automatically).
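One way to close the wildcard problem reported above, shown as an added example and not the project's own code or the referenced commit: validate the username against an allowlist, then escape it per RFC 4515 before it reaches the search filter. The `uid` attribute, the username policy and all function names are assumptions made for illustration.

```python
import re

# RFC 4515 section 3: these characters must be escaped as \XX in a filter value.
_FILTER_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Assumed username policy for illustration; adjust to the directory's naming rules.
_USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_FILTER_SPECIALS.get(ch, ch) for ch in value)


def is_valid_username(username: str) -> bool:
    """Allowlist check applied before any directory lookup."""
    return _USERNAME_RE.fullmatch(username) is not None


def build_login_filter(username: str, attribute: str = "uid") -> str:
    """Return a search filter for one user, or raise ValueError on a bad name."""
    if not is_valid_username(username):
        raise ValueError("username contains characters outside the allowed set")
    # Escaping is kept even after validation so the filter stays safe if the
    # allowlist is later relaxed.
    return f"({attribute}={escape_filter_value(username)})"


def naive_filter(username: str, attribute: str = "uid") -> str:
    """The unsafe pattern: user input concatenated into the filter as-is."""
    return f"({attribute}={username})"


if __name__ == "__main__":
    # Constructed sample inputs; the second is the one from the report.
    for name in ["myusername", "myuser*ame", "name(test)"]:
        print(repr(name),
              "| naive:", naive_filter(name),
              "| escaped:", f"(uid={escape_filter_value(name)})",
              "| valid:", is_valid_username(name))
```

With the naive form, `myuser*ame` reaches the directory as a substring match; after escaping it is the literal value `myuser\2aame`, and the allowlist rejects it before any lookup.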