Zoho · Zoho ManageEngine ADSelfService Plus · CVE-2019-12476
**Name of the Vulnerable Software and Affected Versions**
Zoho ManageEngine ADSelfService Plus versions prior to 5.0.6
**Description**
The issue concerns an authentication bypass vulnerability in the password reset functionality. This vulnerability can be exploited by an attacker with physical access to gain a shell with SYSTEM privileges. The attack involves using a long sequence of crafted keyboard input via the restricted thick client browser.
**Recommendations**
For versions prior to 5.0.6, update to version 5.0.6 or later to resolve the issue. As a temporary workaround, consider restricting physical access to the system to minimize the risk of exploitation.