
CVE-2021-33766

Published: 14/07/2021 Updated: 28/12/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.3 | Impact Score: 3.4 | Exploitability Score: 3.9
VMScore: 447
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

This vulnerability allows remote malicious users to disclose sensitive information on affected installations of Microsoft Exchange Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication of requests to web services within the ecp web application. By issuing a crafted request, an attacker can bypass authentication. An attacker can leverage this vulnerability to disclose information from the server.

Vulnerable Product

microsoft exchange server 2013

microsoft exchange server 2019

microsoft exchange server 2016

Github Repositories

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit

POC Exploit CVE-2021-33766 (ProxyToken). POC Exploit for CVE-2021-33766 (ProxyToken) is a handy shell script which provides pentesters and security researchers a quick and effective way to test Microsoft Exchange ProxyToken vulnerability. Disclaimer: This program is for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact t

various pocs for all kinds of exploits

Exploits PoCs. This repo contains PoCs for all sort of vulnerabilities for the purpose of security testing & research. Please do not use these tools in an illegal manner. Available Exploits: CVE-2021-33766 (ProxyToken). Disclaimer: This program is for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that m

CVE-2021-33766-poc

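CVE-2021-33766 (ProxyToken). Supports single-target detection and batch detection, and supports modifying mail forwarding rules. Usage. Vulnerability detection and mail forwarding rule modification. Mail forwarding rule modification result. Mail sending test. Reference: www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server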

Research and Publications

About Research and Publications

Author: ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit - September 2021 github.com/bhdresh/CVE-2021-33766-ProxyToken

Author: A security flaw in WhatsApp leaks IP addresses - July 2021 techbriefly.com/2021/07/14/this-security-flaw-in-whatsapp-could-leak-your-ip-address/ newsb
