
Pete Slade

Researcher at SladeSecurity, LLC
#37086 of 53,635
7.5 total CVSS
Vulnerabilities · 1
PT-2023-24017
7.5
2023-08-07
Zoho · Zoho ManageEngine ADAudit Plus · CVE-2023-32783
**Name of the Vulnerable Software and Affected Versions**

Zoho ManageEngine ADAudit Plus version 7.1.1

**Description**

The event analysis component in Zoho ManageEngine ADAudit Plus allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. The vendor states that this behavior is expected and not considered a security bug.

**Recommendations**

For Zoho ManageEngine ADAudit Plus version 7.1.1, consider restricting the creation or renaming of user accounts with a "$" symbol suffix to minimize the risk of audit detection bypass. As a temporary workaround, monitor user account activity closely for any suspicious behavior related to accounts with the "$" symbol suffix. At the moment, there is no information about a newer version that contains a fix for this issue.