Fixed Ciphering Keys in Zoho ManageEngine ADSelfService Plus 5.x Allows for Data Decryption

Fixed Ciphering Keys in Zoho ManageEngine ADSelfService Plus 5.x Allows for Data Decryption

CVE-2019-7161 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.

Learn more about our Web Application Penetration Testing UK.