S4E

CVE-2024-37393 Scanner

CVE-2024-37393 scanner - LDAP Injection vulnerability in SecurEnvoy Two Factor Authentication

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -

SecurEnvoy Two Factor Authentication is used by organizations to add an additional layer of security to their login processes. It integrates with Active Directory to provide multi-factor authentication for users. Administrators deploy it to secure remote access and sensitive systems. It is commonly used in enterprises, educational institutions, and government agencies. The software helps prevent unauthorized access by requiring a second form of authentication.

The vulnerability involves multiple LDAP injection flaws due to improper validation of user input. An unauthenticated remote attacker can perform blind LDAP injection attacks against the DESKTOP service. This allows for exfiltration of sensitive data from Active Directory. The issue exists in versions before 9.4.514.

The flaw is in the DESKTOP service of the SecurEnvoy Two Factor Authentication software, at the /secserver HTTP endpoint. User-supplied input is not properly validated, so an attacker can manipulate LDAP queries to retrieve sensitive information. For instance, they can exploit the vulnerability to access the ms-Mcs-AdmPwd attribute, which contains cleartext passwords for LAPS. This allows for significant information disclosure and potential compromise of Active Directory.
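The class of defect described above, shown next to its fix, as an added example that is not SecurEnvoy's code: a search filter built by string concatenation versus one whose value is escaped per RFC 4515. The filter shape, the sAMAccountName lookup, the function names and the sample inputs are all assumptions made for illustration.

```python
# Added example: RFC 4515 escaping for a value placed into an LDAP search filter.
# Filter shape, attribute name and inputs are constructed, not taken from the product.

# RFC 4515 section 3: these characters must appear as \XX hex escapes in a value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string for use as a filter assertion value."""
    # Character-by-character mapping, so a backslash is never escaped twice.
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    # Defective pattern: input is concatenated straight into the filter,
    # so parentheses and '*' in the input become filter syntax.
    return "(&(objectClass=user)(sAMAccountName=" + username + "))"


def build_filter_safe(username: str) -> str:
    # Hardened pattern: metacharacters are escaped and stay inside the value.
    return ("(&(objectClass=user)(sAMAccountName="
            + escape_filter_value(username) + "))")


def component_count(ldap_filter: str) -> int:
    """Count literal '(' characters, one per filter component.

    Escaped values never contain a literal '(', so for the safe builder this
    number is constant (3) no matter what the caller supplies.
    """
    return ldap_filter.count("(")


if __name__ == "__main__":
    for sample in ["j.smith", "*", "x)(mail=*"]:  # constructed inputs
        unsafe, safe = build_filter_unsafe(sample), build_filter_safe(sample)
        print(f"{sample!r}: unsafe has {component_count(unsafe)} components, "
              f"safe has {component_count(safe)} -> {safe}")
```

Escaping is the minimum; an allow-list on the input (for example, the characters valid in an account name) in front of it rejects malformed requests before any directory query is made.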

Exploitation of this vulnerability can lead to unauthorized access to sensitive information stored in Active Directory. Attackers could retrieve cleartext passwords, which might be used for further network compromise. It can lead to the complete breach of systems relying on Active Directory for authentication. Additionally, it might allow attackers to perform privilege escalation within the network.

S4E provides a comprehensive Cyber Threat Exposure Management service that helps you identify and remediate vulnerabilities in your digital assets. By using our platform, you gain access to detailed vulnerability reports and expert guidance on securing your systems. Protect your organization from potential breaches and ensure compliance with security standards. Join us today and enhance your cybersecurity posture with our advanced scanning and reporting capabilities.
