CVE-2021-37933

Published: Oct 14, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability is due to insufficient server-side validation of the email parameter before using it to construct LDAP queries. An attacker could bypass authentication exploiting this vulnerability by sending login attempts in which there is a valid password but a wildcard character in email parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/andrey-lomtev/cbf12bc8d8763996cf8d6d1641a0b049

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-37933

Description

Affected Products

References