PT-2022-9168 · ManageEngine · Zoho ManageEngine ADSelfService Plus
Published: 2022-01-03 · Updated: 2023-08-08
CVE-2021-20148
CVSS v3.1: 4.3 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ManageEngine ADSelfService Plus versions prior to build 6116
Description
The issue allows an authenticated user of one domain to obtain the password policy of another domain by sending a request that names the other domain's password policy file. This is possible because the password policy file for each domain is stored under the html/ web root with a predictable filename derived from the domain name, so the service does not tie access to the file to the requesting user's own domain.
Recommendations
For ManageEngine ADSelfService Plus versions prior to build 6116, update to build 6116 or later to resolve the issue. As a temporary workaround until the update can be applied, restrict access to the password policy files under the html/ web root to minimize the risk of exploitation.
Exploit
Fix
Weakness Enumeration
Files Accessible to External Parties
Related Identifiers
Affected Products
Zoho ManageEngine ADSelfService Plus