CVE-2021-4xx50
This challenge covers the review of a CVE and its patch
The Code Review Patch challenges provide an excellent opportunity to delve into real-world vulnerable code and its subsequent fix. The objective is to first try to identify the issue without looking at the provided patch. This approach strengthens your skills in spotting vulnerabilities. If you find it difficult to pinpoint the issue, the patch is available to guide you. This specific lab involves an LDAP authentication script written in Go, which you analyze for security flaws.
In this lab, you are provided with a Go file responsible for LDAP authentication and a corresponding patch file. The original code contains a vulnerability that can be exploited, and your task is to identify and understand this flaw. The patch then shows the correct way to mitigate the vulnerability, offering a practical learning experience. In this case, the patch addresses a potential LDAP injection vulnerability by escaping user input before it is placed in the LDAP search query (the filter string).
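As an added illustration, not the lab's own file or its patch, the following Go snippet shows the vulnerable filter construction beside the escaped form; the attribute names, the filter shape and the sample username are assumptions. The escaping helper reimplements the RFC 4515 rules that go-ldap exposes as `ldap.EscapeFilter`, so the example runs without that dependency.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample input: a username carrying filter metacharacters.
const sampleUser = "admin)(|(objectClass=*"

// buildFilterUnsafe mirrors the vulnerable pattern: the username is
// concatenated straight into the filter, so "(" ")" "*" "\" in it
// change the structure of the query rather than being matched literally.
func buildFilterUnsafe(username string) string {
	return fmt.Sprintf("(&(objectClass=person)(uid=%s))", username)
}

// escapeFilter encodes the RFC 4515 filter metacharacters as \XX hex
// escapes (assumed helper; go-ldap's ldap.EscapeFilter does the same job).
func escapeFilter(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		switch c {
		case '\\', '*', '(', ')', 0x00:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// buildFilterSafe is the patched pattern: escape, then interpolate.
func buildFilterSafe(username string) string {
	return fmt.Sprintf("(&(objectClass=person)(uid=%s))", escapeFilter(username))
}

// assertionCount counts "(" in the assembled filter; for this template a
// single-user lookup must always yield exactly 3, anything else means
// the input rewrote the query.
func assertionCount(filter string) int {
	return strings.Count(filter, "(")
}

func main() {
	fmt.Println("unsafe:", buildFilterUnsafe(sampleUser), assertionCount(buildFilterUnsafe(sampleUser)))
	fmt.Println("safe:  ", buildFilterSafe(sampleUser), assertionCount(buildFilterSafe(sampleUser)))
}
```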