Abstract Advisory Information
Security issue affecting the product ManageEngine ADSelfService Plus, a secure, web-based, end-user password management and single sign-on solution.
This solution helps domain users to perform self-service password reset, self-service account unlock.The software uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.
Author: Dominique Righetto
Version affected
Name: ADSelfService Plus
Versions: 8.6 Build 5607Common Vulnerability Scoring System
5.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NPatches
Unknown
References
None
Vulnerability Disclosure Timeline
- 14/11/2018: Vulnerability identification
- 16/11/2018: First contact with the vendor
- 27/11/2018: Request for update with no answer
- 03/01/2019: Request for update with no answer
- 25/01/2019: Request for update with no answer
- 25/01/2019: Acknowledge from the vendor
- 18/02/2019: Public disclosure