accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus prior to 4.5 Build 4500 makes it easier for remote malicious users to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action.
Vulnerable Product |
---|
zohocorp manageengine adselfservice plus |