CVE-2024-37393 Scanner
CVE-2024-37393 scanner - LDAP Injection vulnerability in SecurEnvoy Two Factor Authentication
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
4 weeks
Scan only one
Domain, IPv4
Toolbox
-
SecurEnvoy Two Factor Authentication is used by organizations to add an additional layer of security to their login processes. It integrates with Active Directory to provide multi-factor authentication for users. Administrators deploy it to secure remote access and sensitive systems. It is commonly used in enterprises, educational institutions, and government agencies. The software helps prevent unauthorized access by requiring a second form of authentication.
The vulnerability involves multiple LDAP injection flaws due to improper validation of user input. An unauthenticated remote attacker can perform blind LDAP injection attacks against the DESKTOP service. This allows for exfiltration of sensitive data from Active Directory. The issue exists in versions before 9.4.514.
The vulnerability exists in the SecurEnvoy Two Factor Authentication software's DESKTOP service endpoint, specifically at the /secserver HTTP endpoint. It occurs because user-supplied input is not properly validated. An attacker can manipulate LDAP queries to retrieve sensitive information. For instance, they can exploit the vulnerability to access the ms-Mcs-AdmPwd attribute, which contains cleartext passwords for LAPS. This allows for significant information disclosure and potential compromise of the Active Directory.
Exploitation of this vulnerability can lead to unauthorized access to sensitive information stored in Active Directory. Attackers could retrieve cleartext passwords, which might be used for further network compromise. It can lead to the complete breach of systems relying on Active Directory for authentication. Additionally, it might allow attackers to perform privilege escalation within the network.
S4E provides a comprehensive Cyber Threat Exposure Management service that helps you identify and remediate vulnerabilities in your digital assets. By using our platform, you gain access to detailed vulnerability reports and expert guidance on securing your systems. Protect your organization from potential breaches and ensure compliance with security standards. Join us today and enhance your cybersecurity posture with our advanced scanning and reporting capabilities.
References: