User Enumeration Vulnerability in ManageEngine ServiceDesk Plus 9.3

User Enumeration Vulnerability in ManageEngine ServiceDesk Plus 9.3

CVE-2019-10273 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.

Learn more about our User Device Pen Test.