Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-37393 PoC — SecurEnvoy MFA 安全漏洞

Source
https://github.com/optistream/securenvoy-cve-2024-37393
Associated Vulnerability
Title:SecurEnvoy MFA 安全漏洞 (CVE-2024-37393)
Description:Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.
Description
Vulnerability check script for CVE-2024-37393 (SecurEnvoy MFA 9.4.513)
Readme
# securenvoy-cve-2024-37393

*RESPONSIBLE DISCLOSURE*

Vulnerability check script for CVE-2024-37393 (SecurEnvoy MFA 9.4.513).

Proof of concept code for checking LDAP injection.

![POC](img/POC.png)

# Fix

Vulnerability fixed in SecurEnvoy MFA >= 9.4.514.

# Links

[https://www.optistream.io/blogs/tech/securenvoy-cve-2024-37393](https://www.optistream.io/blogs/tech/securenvoy-cve-2024-37393)

# Author

[https://optistream.io](https://optistream.io)
File Snapshot

 [4.0K]  /data/pocs/9f9af77db6657656def8050a97ba8e6e33226d37
├── [4.0K]  img
│   └── [7.7K]  POC.png
├── [ 11K]  LICENSE
├── [1.3K]  poc.py
└── [ 454]  README.md

1 directory, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →