Filtered by vendor Securenvoy Subscriptions
Filtered by product Mfa Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-37393 1 Securenvoy 2 Mfa, Multi-factor Authentication Solutions 2024-11-21 9.8 Critical
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.