Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LDAP Injection #14987

Closed
JeyakumarThangaraj opened this issue Oct 10, 2019 · 1 comment
Closed

LDAP Injection #14987

JeyakumarThangaraj opened this issue Oct 10, 2019 · 1 comment
Labels
answered For when a question was asked and we referred to forum or answered it.
Milestone
3.12.0

Comments

@JeyakumarThangaraj
Copy link

Dear Team,

LDAP injection has found on piwik request in both android and IOS. Kindly advise how to resolve this issue. Please find Reference - matomo-org/matomo-sdk-android#266

Find the details below:
LDAP injection attempt ( uid )

• Signature Type :Request
• Attack Type :LDAP Injection
• Accuracy :Low
• Risk :Low

Regards,
Jeyakumar

image
@Findus23
Copy link
Member

As I already mentioned in matomo-org/matomo-sdk-android#266 (comment):
Please use the intended ways to report security issues (so Hackerone or a mail to security@matomo.org).
And most importantly, please provide more details:

  • What exactly is the security issue?
  • How can I reproduce it?
  • How can an attacker use this?
  • What would an attacker get access to?
  • What are the security implications?

@tsteur tsteur closed this as completed Oct 16, 2019
@tsteur tsteur added the answered For when a question was asked and we referred to forum or answered it. label Oct 16, 2019
@mattab mattab added this to the 3.12.0 milestone Oct 27, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
answered For when a question was asked and we referred to forum or answered it.
Projects
None yet
Milestone
3.12.0
Development

No branches or pull requests
4 participants
@tsteur @mattab @Findus23 @JeyakumarThangaraj