SecurEnvoy 漏洞列表

SecurEnvoy MFA 是英国 SecurEnvoy 公司开发的一款多因素身份验证解决方案。该系统在 9.4.514 之前的版本中存在多个 LDAP 注入漏洞，漏洞源于对用户提供的输入验证不当。未经认证的远程攻击者可以通过针对暴露在 /secserver HTTP 端点的 DESKTOP 服务的盲注 LDAP 攻击，从 Active Directory 中泄漏数据，包括存储在 ms-Mcs-AdmPwd 字段中的明文密码（用于本地管理员密码解决方案 LAPS 功能）。

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.