An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.
References
Link | Resource |
---|---|
https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/ | Third Party Advisory |
https://www.manageengine.com/products/self-service-password/release-notes.html | Release Notes Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Jul 2021, 11:39
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://www.manageengine.com/products/self-service-password/release-notes.html - Release Notes, Patch, Vendor Advisory |
Information
Published : 2019-03-21 16:01
Updated : 2023-12-10 12:59
NVD link : CVE-2019-7161
Mitre link : CVE-2019-7161
CVE.ORG link : CVE-2019-7161
JSON object : View
Products Affected
zohocorp
- manageengine_adselfservice_plus
CWE
CWE-798
Use of Hard-coded Credentials