Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml.
References
Link | Resource |
---|---|
https://medium.com/nestedif/vulnerability-disclosure-hardcoded-keys-password-zoho-r-a-p-318aa9bba2e | Exploit Third Party Advisory |
https://www.manageengine.com/remote-desktop-management/hotfix-readme.html | Vendor Advisory |
Configurations
Information
Published : 2021-09-29 20:15
Updated : 2021-10-05 09:07
NVD link : CVE-2021-41828
Mitre link : CVE-2021-41828
JSON object : View
CWE
CWE-798
Use of Hard-coded Credentials
Products Affected
zohocorp
- manageengine_remote_access_plus