@JeyakumarThangaraj opened this Issue on October 10th 2019

Dear Team,

LDAP injection has been found on the piwik request in both Android and iOS. Kindly advise how to resolve this issue. Please find reference - https://github.com/matomo-org/matomo-sdk-android/issues/266

Find the details below:
LDAP injection attempt ( uid )

• Signature Type: Request
• Attack Type: LDAP Injection
• Accuracy: Low
• Risk: Low

Regards,
Jeyakumar

@Findus23 commented on October 10th 2019 Member

As I already mentioned in https://github.com/matomo-org/matomo-sdk-android/issues/266#issuecomment-539550618:
Please use the intended ways to report security issues (so Hackerone or a mail to security@matomo.org).
And most importantly, please provide more details:

  • What exactly is the security issue?
  • How can I reproduce it?
  • How can an attacker use this?
  • What would an attacker get access to?
  • What are the security implications?

This Issue was closed on October 16th 2019