minor update

patch-4
Dhiyaneshwaran 2024-06-13 13:54:39 +05:30 committed by GitHub
parent 532f8d400e
commit 2736211273
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 3 deletions

@ -1,7 +1,7 @@
id: CVE-2024-37393
info:
name: SecurEnvoy MFA LDAP Injection
author: securityforeveryone.com
name: SecurEnvoy Two Factor Authentication - LDAP Injection
author: securityforeveryone
severity: critical
description: |
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.
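
Review bot: The renamed name field now says "SecurEnvoy Two Factor Authentication" while the unchanged description below it still calls the product "SecurEnvoy MFA", so the template uses two product names for one finding. Pick one and use it in both fields so searches and report output line up. While this block is being touched, the description's opening "Multiple LDAP injections vulnerabilities" should read "Multiple LDAP injection vulnerabilities". The author value changes from a domain to a bare handle, and the commit message "minor update" does not say why; a short note on the attribution change would help anyone auditing template provenance later.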
@ -9,7 +9,12 @@ info:
- https://www.tenable.com/cve/CVE-2024-37393
- https://www.optistream.io/blogs/tech/securenvoy-cve-2024-37393
- https://securenvoy.com
tags: cve,cve2024,SecurEnvoy,ldap
metadata:
verified: true
shodan-query: title:"SecurEnvoy"
fofa-query: title="SecurEnvoy"
tags: cve,cve2024,securenvoy,ldap
variables:
userid: "{{to_lower(rand_base(20))}}"
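
Review bot: The new metadata block sets verified: true, but nothing in the commit ("minor update") records what the template was verified against. Please state in the PR which SecurEnvoy version the check was confirmed on, ideally one before 9.4.514 and one fixed build, so the flag can be trusted. The shodan-query and fofa-query match on the page title only, so they enumerate every exposed SecurEnvoy instance regardless of version; that is fine for discovery, but the results should not be read as a count of vulnerable hosts. Lowercasing the securenvoy tag is a good consistency fix. The reference https://securenvoy.com in the context lines is the vendor home page rather than an advisory; if the vendor has published a bulletin for this CVE, linking that would be more useful to someone triaging a hit.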