CVE-2022-29457
CVE-2022-29457
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50904unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/167051/ManageEngine-ADSelfService-Plus-Build-6118-NTLMv2-Hash-Exposure.htmlhttps://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerabilityhttps://www.manageengine.com/products/self-service-password/release-notes.html