QwikSec

Security Database

CVE

CWE

Training

CVE-2010-3273

Published: Feb 17, 2011

Modified: Aug 7, 2024

PUBLISHED

Description

ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

adselfservice-resetresult-security-bypass(65348)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SREASON

vdb-entry

x_refsource_OSVDB

http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities

x_refsource_MISC

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.