Authentication Bypass Vulnerability in Zoho ManageEngine ADSelfService Plus
CVE-2019-12476 · HIGH Severity
AV:L/AC:L/AU:N/C:C/I:C/A:C
An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboard input.
Learn more about our Physical Security Assessment.