CVE-2010-3272

2011-02-17T18:00:00
ID CVE-2010-3272
Type cve
Reporter cve@mitre.org
Modified 2018-10-10T20:01:00

Description

accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action.