Question
How might an LDAP injection be used to bypass security measures? (1 point)
stealing a password from a user
stealing session IDs from a user
bypassing the password with a query
crashing a system with bad data
stealing a password from a user
stealing session IDs from a user
bypassing the password with a query
crashing a system with bad data
Answers
GPT-4o mini
An LDAP injection can be used to bypass security measures primarily through the option:
**bypassing the password with a query.**
LDAP (Lightweight Directory Access Protocol) injection is a technique where an attacker manipulates LDAP queries by injecting malicious input. If the application does not properly sanitize or validate user input, an attacker can craft a query that alters the intended logic, potentially allowing unauthorized access without knowing the correct password.
**bypassing the password with a query.**
LDAP (Lightweight Directory Access Protocol) injection is a technique where an attacker manipulates LDAP queries by injecting malicious input. If the application does not properly sanitize or validate user input, an attacker can craft a query that alters the intended logic, potentially allowing unauthorized access without knowing the correct password.