CVE-2019-12476

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine ADSelfService Plus versions prior to 5.0.6

Description The issue concerns an authentication bypass vulnerability in the password reset functionality. This vulnerability can be exploited by an attacker with physical access to gain a shell with SYSTEM privileges. The attack involves using a long sequence of crafted keyboard input via the restricted thick client browser.

Recommendations For versions prior to 5.0.6, update to version 5.0.6 or later to resolve the issue. As a temporary workaround, consider restricting physical access to the system to minimize the risk of exploitation.