CVE-2021-37933 - OpenCVE

An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability is due to insufficient server-side validation of the email parameter before using it to construct LDAP queries. An attacker could bypass authentication exploiting this vulnerability by sending login attempts in which there is a valid password but a wildcard character in email parameter.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Huntflow	Huntflow Enterprise

Configuration 1 [-]

cpe:2.3:a:huntflow:huntflow_enterprise:*:*:*:*:*:*:*:*

References

Link	Resource
https://gist.github.com/andrey-lomtev/cbf12bc8d8763996cf8d6d1641a0b049	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-10-14T15:02:20

Updated: 2021-10-14T15:02:19

Reserved: 2021-08-03T00:00:00

Link: CVE-2021-37933

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-10-14T16:15:09.123

Modified: 2021-10-20T19:10:11.567

Link: CVE-2021-37933

JSON object: View

Redhat Information

No data.

CWE

CWE-74

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability is due to insufficient server-side validation of the email parameter before using it to construct LDAP queries. An attacker could bypass authentication exploiting this vulnerability by sending login attempts in which there is a valid password but a wildcard character in email parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-14T15:02:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/andrey-lomtev/cbf12bc8d8763996cf8d6d1641a0b049"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-37933", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability is due to insufficient server-side validation of the email parameter before using it to construct LDAP queries. An attacker could bypass authentication exploiting this vulnerability by sending login attempts in which there is a valid password but a wildcard character in email parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gist.github.com/andrey-lomtev/cbf12bc8d8763996cf8d6d1641a0b049", "refsource": "MISC", "url": "https://gist.github.com/andrey-lomtev/cbf12bc8d8763996cf8d6d1641a0b049"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-37933", "datePublished": "2021-10-14T15:02:20", "dateReserved": "2021-08-03T00:00:00", "dateUpdated": "2021-10-14T15:02:19", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:huntflow:huntflow_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BAFA4A0-B791-413F-A603-E7F9E2F59F0E", "versionEndExcluding": "3.10.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability is due to insufficient server-side validation of the email parameter before using it to construct LDAP queries. An attacker could bypass authentication exploiting this vulnerability by sending login attempts in which there is a valid password but a wildcard character in email parameter."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n LDAP en /account/login en Huntflow Enterprise versiones anteriores a 3.10.6, podr\u00eda permitir a un usuario remoto no autenticado modificar la l\u00f3gica de una consulta LDAP y omitir la autenticaci\u00f3n. La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente en el lado del servidor del par\u00e1metro email antes de usarlo para construir consultas LDAP. Un atacante podr\u00eda omitir la autenticaci\u00f3n explotando esta vulnerabilidad mediante el env\u00edo de intentos de inicio de sesi\u00f3n en los que se presenta una contrase\u00f1a v\u00e1lida pero un car\u00e1cter comod\u00edn en el par\u00e1metro email"}], "id": "CVE-2021-37933", "lastModified": "2021-10-20T19:10:11.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-14T16:15:09.123", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/andrey-lomtev/cbf12bc8d8763996cf8d6d1641a0b049"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}