An information disclosure exists in Zoho ManageEngine ADSelfService Plus, ZOHO’s integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A vulnerability exists in Zoho ManageEngine ADSelfService Plus, which stems from the disclosure of NTLM hashes in certain storage path configuration steps. An attacker could exploit this vulnerability to obtain sensitive information.