GHSA-527g-3w9m-29hv: LDAP Injection in mitmproxy proxyauth Addon
Vulnerability ID: GHSA-527G-3W9M-29HV
CVSS Score: 5.3
Published: 2026-04-14
mitmproxy versions 12.2.1 and below contain a moderate severity LDAP injection vulnerability in the built-in proxyauth addon. When configured to use LDAP for proxy authentication, improper sanitization of the username field allows unauthenticated attackers to manipulate LDAP queries. This can lead to proxy authentication bypass and potential information disclosure.
TL;DR
mitmproxy <= 12.2.1 is vulnerable to LDAP injection (CWE-90) in the proxyauth addon. Attackers can bypass proxy authentication by injecting LDAP filter metacharacters into the username field, which is interpolated into the LDAP query without escaping. Fixed in version 12.2.2.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-90
- Attack Vector: Network
- Severity: Moderate
- Impact: Authentication Bypass, Information Disclosure
- Exploit Status: Proof of Concept available
- Fixed Version: 12.2.2
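To illustrate the CWE-90 pattern described above, the following is an added Python example, not mitmproxy's own code and not its fix: a search filter built by raw string interpolation of the username next to one that escapes the RFC 4515 filter metacharacters first, plus a small check a defender can use to log usernames containing such characters. The uid attribute and the function names are assumptions for illustration.

```python
# Added example (not mitmproxy's code): building an LDAP search filter from an
# untrusted username. The vulnerable pattern interpolates raw input; the
# hardened version escapes RFC 4515 filter metacharacters first.
# The "uid" attribute is an assumed value, not taken from the advisory.

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value so it can be interpolated into an LDAP filter literally.

    Each metacharacter is replaced by a backslash and its two-digit hex code.
    The mapping is applied per character, so a backslash in the input is
    escaped once and never re-escaped.
    """
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_vulnerable(username: str) -> str:
    """Unsafe: the username is inserted verbatim, so metacharacters in it
    change the structure of the filter (CWE-90)."""
    return f"(uid={username})"


def build_filter_hardened(username: str) -> str:
    """Safe: metacharacters are escaped, so the whole username is matched
    literally and cannot alter the filter structure."""
    return f"(uid={escape_filter_value(username)})"


def contains_filter_metachars(username: str) -> bool:
    """Detection aid: True if the username contains any RFC 4515 filter
    metacharacter. Useful for logging at the authentication layer; it is a
    signal for review, not a replacement for escaping."""
    return any(ch in _FILTER_ESCAPES for ch in username)


if __name__ == "__main__":
    # Constructed sample: a username containing filter metacharacters.
    sample = "x)(y"
    print("vulnerable:", build_filter_vulnerable(sample))  # structure altered
    print("hardened:  ", build_filter_hardened(sample))    # matched literally
    print("flagged:   ", contains_filter_metachars(sample))
```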
Affected Systems
- mitmproxy proxyauth addon
- LDAP Authentication Backend
- mitmproxy: <= 12.2.1 (Fixed in: 12.2.2)
Mitigation Strategies
- Upgrade mitmproxy to version 12.2.2 or later
- Disable the proxyauth LDAP backend configuration if not strictly required
- Implement network access controls restricting untrusted access to the proxy listener
Remediation Steps
- Identify active mitmproxy instances running versions 12.2.1 or below.
- Check launch arguments or configuration files for the --proxyauth "ldap:..." parameter.
- Upgrade the software via pip (pip install --upgrade mitmproxy) or the applicable package manager.
- Verify the version post-upgrade and restart the mitmproxy service.
References
- GitHub Advisory: GHSA-527g-3w9m-29hv
- mitmproxy Changelog
- mitmproxy v12.2.2 Release
- Pull Request #6428 (Related Optimization/Fix)
- Source Code Location