QwikSec

Security Database

CVE

CWE

Training

CVE-2010-3272

Published: Feb 17, 2011

Modified: Aug 7, 2024

PUBLISHED

Description

accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SREASON

adselfservice-pwr-weak-security(65350)

vdb-entry

x_refsource_XF

http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities

x_refsource_MISC

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.