What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to acc

Question

2 years ago

7

What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to acc

ess the LDAP database or modify the database's information? a. LDAP poisoning b. LDAP injection c. Kerberos injection d. DAP hijacking

Computers and Technology

1 answer:

abruzzese [7] · Answer 1 · 2022-08-03T19:47:55+03:00

Answer: b. LDAP injection

Explanation:

LDAP (Lightweight Directory Access Protocol ) Injection is defined as

an injection attack used by attacker to exploit web based applications by inserting LDAP statements based on user input.
It may be possible modify LDAP statements through some techniques if an application fails to properly sanitize user input.

So,<u> LDAP injection</u> is the attack that allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database's information.

Hence, the correct option is b. LDAP injection.