User Enumeration Vulnerability in ManageEngine ServiceDesk Plus 9.3
CVE-2019-10273 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:N/A:N
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.
Learn more about our User Device Pen Test.