CVE-2010-3272
accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action.
Affected products
n/a · n/a
Public PoCs found — 1
exploitdb · www.exploit-db.com/exploits/35330 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://secunia.com/advisories/43241
http://securityreason.com/securityalert/8089
https://exchange.xforce.ibmcloud.com/vulnerabilities/65350
http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities
http://www.osvdb.org/70870
http://www.securityfocus.com/archive/1/516396/100/0/threaded
http://www.securityfocus.com/bid/46331
http://www.vupen.com/english/advisories/2011/0392