ManageEngine, one of the most widely used IT infrastructure management platforms that offers more than 60 Enterprise IT management tools, has been discovered with an Information Disclosure vulnerability which is tracked as CVE-2023-6105.
This vulnerability affects multiple ManageEngine products, including ADManager, ADSelfService, M365 Manager, Endpoint Central, Service Desk, Access Manager, and many others. The severity of this vulnerability has been given as 5.5 (Medium).
This information disclosure vulnerability exposes encryption keys and exists on multiple ManageEngine products.
A low-privileged OS user with access to the host on an affected product can view and utilize the exposed key for decrypting the product database passwords, resulting in access to the ManageEngine product database.
Additionally, the encryption key is stored in the “CryptTag” configuration in <PRODUCT_INSTALLATION_DIR>\conf\customer-config.xml, and the usernames and passwords for ManageEngine product database can be found in the <PRODUCT_INSTALLATION_DIR>\conf\database_params.conf.
However, the database password can be decrypted using the encryption key from the XML file and the .conf file. An attacker with access to the product database can run OS commands with SYSTEM privileges or some administrative account privileges.
Added to this, the threat actor can reset the password of an administrative user and view data contents that possess sensitive information. A has been published, which provides detailed information about the Python script used for decrypting the password and its output.
A complete report and proof of concept for this vulnerability has been published by Tenable, which provides detailed information about this vulnerability and its patches.
Users of these ManageEngine products are recommended to apply vendor-specific patches for affected installations to prevent this vulnerability from getting exploited.
Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.
A ransomware attack on Blue Yonder, a leading supply chain management software provider, has created…
Dell Technologies has released a security update for its Wyse Management Suite (WMS) to address…
The Cybersecurity and Infrastructure Security Agency (CISA) recently detailed findings from a Red Team Assessment…
IBM has issued a security bulletin warning customers about a vulnerability in its Workload Scheduler…
Several high-severity vulnerabilities have been identified in Android and Google Pixel devices, exposing millions of…
Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…