CVE-2021-37935

Published: Dec 10, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. An attacker could exploit this vulnerability by requesting the login page and searching for the "isLdap" JavaScript parameter in the HTML source code.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/andrey-lomtev/c970fb7dd022d04f5b57ad37fbedd064

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-37935

Description

Affected Products

References