PRP: Request CVE-2021-40539 ADSelfService Plus authentication bypass vulnerability #189

Closed
hh-hunter opened this issue Nov 9, 2021 · 5 comments

Comments

@hh-hunter
Contributor

Hello,

I would like to start the implementation for a plugin that detects CVE-2021-40539.
The vulnerability should be relatively new and have already been patched.

The vulnerability has been assigned a CVE ID (CVSS score >= 7.0), and the vulnerability has a HIGH or CRITICAL severity level: CVSS score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
The vulnerability has a relatively large impact radius, which was repaired after ADSelfService Plus version number 6113 (including 6113).
The vulnerability can be exploited remotely without authentication and user interaction.
Because the vulnerability is a Windows domain environment, Docker cannot be built, but I can provide the installation program of the relevant vulnerability version and the repaired version, or a very large virtual machine image.
Please let me know if this is in scope to start with its development.

@magl0
Collaborator

magl0 commented Dec 7, 2021

Hi @hh-hunter,

Thanks for your request! This vulnerability is in scope for the reward program. Please submit our participation form and you can start working on the development.

Thanks!

@hh-hunter
Contributor Author

Ok, thanks a lot, but I found out during the writing process that the sendAsIs method only supports GET requests, which will prevent me from continuing to write plugin detection. I will wait for an answer on that issue.
google/tsunami-security-scanner#92

@magl0
Collaborator

magl0 commented Dec 9, 2021

Hi @hh-hunter,

The sendAsIs method should support more request methods now. Please use Tsunami version 0.0.7 for this feature and let us know if the fix doesn't work for you.

@hh-hunter
Contributor Author

@magl0 Can we proceed with the review of this plugin now?

@hh-hunter
Contributor Author

@magl0 Hi, I see that the MR has been merged. Does it mean that there is new progress in this issue?
