PT-2023-3487 · Zoho · Zoho Manageengine Adselfservice Plus

Published: 2023-06-20 · Updated: 2024-08-02 · CVE-2023-35854

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADSelfService Plus versions through 6113

Description: The issue is an authentication bypass in a critical function. An attacker can exploit it to steal the domain controller session token and use it for identity spoofing, which could grant the attacker the privileges of the domain controller administrator. The vendor has stated that it has found no evidence or details of a security vulnerability.

Recommendations: For Zoho ManageEngine ADSelfService Plus versions through 6113, consider temporarily disabling the critical authentication-related functions until a patch is available, and restrict access to sensitive features to reduce the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Missing Authentication

Related Identifiers

BDU:2023-03687
CVE-2023-35854

Affected Products

Zoho Manageengine Adselfservice Plus