3 matches found
Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration
Zoho ManageEngine ADSelfService Plus 6121 is vulnerable to username enumeration CVE-2022-28987. The Forgot Password functionality responds differently for existing and non-existing users, allowing attackers to enumerate valid usernames. id: CVE-2022-28987 info: name: Zoho ManageEngine ADSelfServi...
CVE-2022-28987
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login...
CVE-2022-28987
Vulnerability summary: Zoho ManageEngine ADSelfService Plus (pre-6202, e.g., 6121) is affected by CVE-2022-28987. A crafted POST to /ServletAPI/accounts/login enables username enumeration by revealing differences in responses for existing versus non-existing users, via the Forgot Password/login f...