Filtered by vendor Securenvoy
Subscriptions
Filtered by product Mfa
Subscriptions
Total
1 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-37393 | 1 Securenvoy | 2 Mfa, Multi-factor Authentication Solutions | 2024-11-21 | 9.8 Critical |
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature. |
Page 1 of 1.