CVE-2021-37933 - Vulnerability Details - OpenCVE

An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability is due to insufficient server-side validation of the email parameter before using it to construct LDAP queries. An attacker could bypass authentication exploiting this vulnerability by sending login attempts in which there is a valid password but a wildcard character in email parameter.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huntflow	Huntflow Enterprise

Configuration 1 [-]

cpe:2.3:a:huntflow:huntflow_enterprise:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://gist.github.com/andrey-lomtev/cbf12bc8d8763996cf8d6d1641a0b049

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-10-14T15:02:20

Updated: 2024-08-04T01:30:08.575Z

Reserved: 2021-08-03T00:00:00

Link: CVE-2021-37933

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-10-14T16:15:09.123

Modified: 2024-11-21T06:16:05.737

Link: CVE-2021-37933

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability is due to insufficient server-side validation of the email parameter before using it to construct LDAP queries. An attacker could bypass authentication exploiting this vulnerability by sending login attempts in which there is a valid password but a wildcard character in email parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-14T15:02:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/andrey-lomtev/cbf12bc8d8763996cf8d6d1641a0b049"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-37933", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability is due to insufficient server-side validation of the email parameter before using it to construct LDAP queries. An attacker could bypass authentication exploiting this vulnerability by sending login attempts in which there is a valid password but a wildcard character in email parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gist.github.com/andrey-lomtev/cbf12bc8d8763996cf8d6d1641a0b049", "refsource": "MISC", "url": "https://gist.github.com/andrey-lomtev/cbf12bc8d8763996cf8d6d1641a0b049"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:30:08.575Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gist.github.com/andrey-lomtev/cbf12bc8d8763996cf8d6d1641a0b049"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-37933", "datePublished": "2021-10-14T15:02:20", "dateReserved": "2021-08-03T00:00:00", "dateUpdated": "2024-08-04T01:30:08.575Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:huntflow:huntflow_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BAFA4A0-B791-413F-A603-E7F9E2F59F0E", "versionEndExcluding": "3.10.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability is due to insufficient server-side validation of the email parameter before using it to construct LDAP queries. An attacker could bypass authentication exploiting this vulnerability by sending login attempts in which there is a valid password but a wildcard character in email parameter."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n LDAP en /account/login en Huntflow Enterprise versiones anteriores a 3.10.6, podr\u00eda permitir a un usuario remoto no autenticado modificar la l\u00f3gica de una consulta LDAP y omitir la autenticaci\u00f3n. La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente en el lado del servidor del par\u00e1metro email antes de usarlo para construir consultas LDAP. Un atacante podr\u00eda omitir la autenticaci\u00f3n explotando esta vulnerabilidad mediante el env\u00edo de intentos de inicio de sesi\u00f3n en los que se presenta una contrase\u00f1a v\u00e1lida pero un car\u00e1cter comod\u00edn en el par\u00e1metro email"}], "id": "CVE-2021-37933", "lastModified": "2024-11-21T06:16:05.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-14T16:15:09.123", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/andrey-lomtev/cbf12bc8d8763996cf8d6d1641a0b049"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/andrey-lomtev/cbf12bc8d8763996cf8d6d1641a0b049"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}