CVE-2024-37393 PoC — SecurEnvoy MFA 安全漏洞

Source

https://github.com/noways-io/securenvoy-cve-2024-37393

Associated Vulnerability

Title:SecurEnvoy MFA 安全漏洞 (CVE-2024-37393)
Description:SecurEnvoy MFA是英国SecurEnvoy公司的一个多因素身份验证解决方案。 SecurEnvoy MFA 9.4.514之前版本存在安全漏洞，该漏洞源于对用户提供的输入验证不当。

Description

Vulnerability check script for CVE-2024-37393 (SecurEnvoy MFA 9.4.513)

Readme

# securenvoy-cve-2024-37393

*RESPONSIBLE DISCLOSURE*

Vulnerability check script for CVE-2024-37393 (SecurEnvoy MFA 9.4.513).

Proof of concept code for checking LDAP injection.

![POC](img/POC.png)

# Fix

Vulnerability fixed in SecurEnvoy MFA >= 9.4.514.

# Links

[https://www.optistream.io/blogs/tech/securenvoy-cve-2024-37393](https://www.optistream.io/blogs/tech/securenvoy-cve-2024-37393)

# Author

[https://optistream.io](https://optistream.io)

File Snapshot


 [4.0K]  /data/pocs/620f162573f90b8c0f05864f02ee49f31868e9a2
├── [4.0K]  img
│   └── [7.7K]  POC.png
├── [ 11K]  LICENSE
├── [1.3K]  poc.py
└── [ 454]  README.md

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!