Kanboard LDAP Injection Vulnerability Allowing User Enumeration and Information Disclosure

A vulnerability allowing LDAP injection has been identified in Kanboard versions through 1.2.48. This issue arises in the LDAP authentication process, where user-supplied input is directly inserted into LDAP search filters without adequate sanitization. As a result, attackers can manipulate the filters to enumerate LDAP users, access sensitive user information, and conduct targeted attacks on specific accounts.

Impact

Exploitation of this vulnerability allows for unauthorized LDAP injection, enabling attackers to manipulate LDAP search filters. This could lead to unauthorized user enumeration, disclosure of sensitive user attributes, and potential targeted attacks on individuals identified during the exploitation.

Reproduction

The vulnerability can be reproduced by configuring Kanboard to use LDAP authentication and setting an exploitable user filter. After uploading test users to the LDAP server, the injection can be executed by sending a crafted username payload that exploits the unsanitized filter insertion, such as a wildcard to enumerate all users.

Remediation

Users can update to Kanboard version 1.2.49, which addresses the vulnerability by properly escaping LDAP placeholders before they are used in search filters.