ManageEngine Information Disclosure Flaw Exposes Encryption Keys

ManageEngine, one of the most widely used IT infrastructure management platforms that offers more than 60 Enterprise IT management tools, has been discovered with an Information Disclosure vulnerability which is tracked as CVE-2023-6105.

This vulnerability affects multiple ManageEngine products, including ADManager, ADSelfService, M365 Manager, Endpoint Central, Service Desk, Access Manager, and many others. The severity of this vulnerability has been given as 5.5 (Medium).

CVE-2023-6105: ManageEngine Information Disclosure

This information disclosure vulnerability exposes encryption keys and exists on multiple ManageEngine products.

A low-privileged OS user with access to the host on an affected product can view and utilize the exposed key for decrypting the product database passwords, resulting in access to the ManageEngine product database.

Additionally, the encryption key is stored in the “CryptTag” configuration in <PRODUCT_INSTALLATION_DIR>\conf\customer-config.xml, and the usernames and passwords for ManageEngine product database can be found in the <PRODUCT_INSTALLATION_DIR>\conf\database_params.conf.

However, the database password can be decrypted using the encryption key from the XML file and the .conf file. An attacker with access to the product database can run OS commands with SYSTEM privileges or some administrative account privileges. 

Added to this, the threat actor can reset the password of an administrative user and view data contents that possess sensitive information. A has been published, which provides detailed information about the Python script used for decrypting the password and its output.

A complete report and proof of concept for this vulnerability has been published by Tenable, which provides detailed information about this vulnerability and its patches.

Affected Products

  • Service Desk Plus prior to version 14304
  • Asset Explorer prior to version 7004
  • Service Desk Plus MSP prior to version 14305
  • Support Center Plus prior to version 14304
  • Access Manager Plus prior to version 4310
  • PAM 360 prior to version 5700
  • Password Manager Pro prior to version 12300
  • OpManager prior to version 125632 on Windows and version 127243 on Linux
  • Firewall Analyser prior to version 125632 on Windows and version 127243 on Linux
  • Netflow Analyser prior to version 125632 on Windows and version 127243 on Linux
  • Network Configurations Manager prior to version 125632 on Windows and version 127243 on Linux
  • OpUtils prior to version 125632 on Windows and version 127243 on Linux
  • Creator On-Premise prior to version 2.0.0
  • Analytics Plus On-Premise prior to version 5300
  • ADSelfService Plus prior to version 6304
  • ADManager Plus prior to version 7210
  • ADAudit Plus prior to version 7251
  • Cloud Security Plus prior to version 4170
  • Data Security Plus prior to version 6126
  • Exchange Reporter Plus prior to version 5713
  • M365 Manager Plus prior to version 4539
  • M365 Security Plus prior to version 4539
  • SharePoint Manager Plus prior to version 4405
  • Recovery Manager Plus prior to version 6074
  • Log360 UEBA prior to version 4050
  • Endpoint Central prior to version 11.2.2322.01
  • Endpoint Central MSP prior to version 11.2.2322.01
  • Remote Monitoring and Management prior to version 10.2.11
  • Mobile Device Management prior to version 10.1.2204.2
  • Remote Access Plus prior to version 11.2.2328.01
  • OS Deployer prior to version 1.2.2331.1
  • Browser Security Plus prior to version 11.2.2328.01
  • Patch Manager Plus prior to version 11.2.2328.01
  • Vulnerability Manager Plus prior to version 11.2.2328.01
  • Application Control Plus prior to version 11.2.2328.01
  • Patch Connect Plus prior to version 90124
  • Device Control Plus prior to version 11.2.2328.01
  • Endpoint DLP Solution prior to version 11.2.2328.01
  • Secure Gateway Server prior to version 90091

Users of these ManageEngine products are recommended to apply vendor-specific patches for affected installations to prevent this vulnerability from getting exploited.

Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.

Eswar

Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Blue Yonder Ransomware Attack Impacts Starbucks & Multiple Supermarkets

A ransomware attack on Blue Yonder, a leading supply chain management software provider, has created…

48 minutes ago

Dell Wyse Management Suite Vulnerabilities Let Attackers Exploit Affected Systems Remotely

Dell Technologies has released a security update for its Wyse Management Suite (WMS) to address…

1 hour ago

CISA Details Red Team Assessment Including TTPs & Network Defense

The Cybersecurity and Infrastructure Security Agency (CISA) recently detailed findings from a Red Team Assessment…

1 hour ago

IBM Workload Scheduler Vulnerability Stores User Credentials in Plain Text

IBM has issued a security bulletin warning customers about a vulnerability in its Workload Scheduler…

2 hours ago

Multiple Flaws With Android & Google Pixel Devices Let Attackers Elevate Privileges

Several high-severity vulnerabilities have been identified in Android and Google Pixel devices, exposing millions of…

2 hours ago

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

18 hours ago