PT-2023-28159 · Zoho · Zoho ManageEngine ADManager Plus
Published: 2023-09-26 · Updated: 2023-09-28 · CVE-2023-41904
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine ADManager Plus versions prior to 7203
Description
The issue allows 2FA bypass for AuthToken generation in REST APIs.
Recommendations
For versions prior to 7203, update to version 7203 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST APIs to minimize the risk of exploitation. Avoid using the AuthToken generation feature in the affected REST APIs until the issue is resolved.
Fix
Improper Authentication
Affected Products
Zoho ManageEngine ADManager Plus