2 matches found
CVE-2019-12476
Zoho ManageEngine ADSelfService Plus prior to version 5.0.6 contains an authentication bypass in the password-reset flow that enables a local attacker with physical access to obtain a SYSTEM shell via the restricted thick client browser by supplying a crafted sequence of keyboard input. The issue...
CVE-2019-12476
An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboa...