minor update
parent
532f8d400e
commit
2736211273
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2024-37393
|
||||
info:
|
||||
name: SecurEnvoy MFA LDAP Injection
|
||||
author: securityforeveryone.com
|
||||
name: SecurEnvoy Two Factor Authentication - LDAP Injection
|
||||
author: securityforeveryone
|
||||
severity: critical
|
||||
description: |
|
||||
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.
|
||||
|
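Review bot: The renamed name line now reads "SecurEnvoy Two Factor Authentication - LDAP Injection", while the description kept as context in this hunk still calls the product "SecurEnvoy MFA" and contains the slip "Multiple LDAP injections vulnerabilities". Use one product name in both fields and change that phrase to "Multiple LDAP injection vulnerabilities" in the same commit, so a search on either product name finds the template.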
@ -9,7 +9,12 @@ info:
|
|||
- https://www.tenable.com/cve/CVE-2024-37393
|
||||
- https://www.optistream.io/blogs/tech/securenvoy-cve-2024-37393
|
||||
- https://securenvoy.com
|
||||
tags: cve,cve2024,SecurEnvoy,ldap
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"SecurEnvoy"
|
||||
fofa-query: title="SecurEnvoy"
|
||||
tags: cve,cve2024,securenvoy,ldap
|
||||
|
||||
variables:
|
||||
userid: "{{to_lower(rand_base(20))}}"
|
||||
|
||||
|
|
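Review bot: The added metadata block sets verified: true and two search queries, but the info lines visible in this diff still carry no classification block, so severity: critical is not backed by cve-id, cwe-id or cvss-metrics fields in the template itself. Add a classification entry alongside metadata. Both queries match on the page title "SecurEnvoy" only, so they find SecurEnvoy deployments in general rather than versions before 9.4.514; a short comment saying so would keep inventory results from being read as confirmed exposure. Lowercasing the tag to securenvoy is consistent with the other tags.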