Authentication Bypass Vulnerability in Zoho ManageEngine ADSelfService Plus

Authentication Bypass Vulnerability in Zoho ManageEngine ADSelfService Plus

CVE-2019-12476 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboard input.

Learn more about our Physical Security Assessment.