Type: Active Scan
LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.
Validate and/or escape all user input before using it to create an LDAP query. In particular, the following characters (or combinations) should be blacklisted: & | ! <
( ) , +
/ NUL character