2 matches found
CVE-2021-20148
ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another...
CVE-2021-20148
ManageEngine ADSelfService Plus before build 6116 stores each domain’s password policy file under html/ web root with predictable filenames based on the domain. A user from one domain can obtain another domain’s policy by authenticating to the service and requesting that domain’s password policy ...