ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote malicious user to determine whether a Windows domain user exists.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zohocorp manageengine adselfservice plus |
||
zohocorp manageengine adselfservice plus 6.1 |