From 3705207f0190a7dc55b85a076b83b58d77fdafec Mon Sep 17 00:00:00 2001 From: Maksim Nabokikh Date: Tue, 9 Apr 2024 13:05:06 +0200 Subject: [PATCH] Do not escape password for LDAP connectors (#3470) With the change introduced in https://github.com/dexidp/dex/pull/3372 Dex declines passwords that contain special characters. Since password is not passed to any kind of filters, it is safe to pass a password as is. No LDAP query injections are possible. This commit is a revert of password escaping. Signed-off-by: m.nabokikh --- connector/ldap/ldap.go | 1 - 1 file changed, 1 deletion(-) diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go index f0aa7eff76..bb434a6cb2 100644 --- a/connector/ldap/ldap.go +++ b/connector/ldap/ldap.go @@ -473,7 +473,6 @@ func (c *ldapConnector) Login(ctx context.Context, s connector.Scopes, username, ) username = ldap.EscapeFilter(username) - password = ldap.EscapeFilter(password) err = c.do(ctx, func(conn *ldap.Conn) error { entry, found, err := c.userEntry(conn, username)