ManageEngine Information Disclosure Flaw Exposes Encryption Keys

ManageEngine, one of the most widely used IT infrastructure management platforms that offers more than 60 Enterprise IT management tools, has been discovered with an Information Disclosure vulnerability which is tracked as CVE-2023-6105.

This vulnerability affects multiple ManageEngine products, including ADManager, ADSelfService, M365 Manager, Endpoint Central, Service Desk, Access Manager, and many others. The severity of this vulnerability has been given as 5.5 (Medium).

CVE-2023-6105: ManageEngine Information Disclosure

This information disclosure vulnerability exposes encryption keys and exists on multiple ManageEngine products.

A low-privileged OS user with access to the host on an affected product can view and utilize the exposed key for decrypting the product database passwords, resulting in access to the ManageEngine product database.

Additionally, the encryption key is stored in the “CryptTag” configuration in <PRODUCT_INSTALLATION_DIR>\conf\customer-config.xml, and the usernames and passwords for ManageEngine product database can be found in the <PRODUCT_INSTALLATION_DIR>\conf\database_params.conf.

However, the database password can be decrypted using the encryption key from the XML file and the .conf file. An attacker with access to the product database can run OS commands with SYSTEM privileges or some administrative account privileges. 

Added to this, the threat actor can reset the password of an administrative user and view data contents that possess sensitive information. A has been published, which provides detailed information about the Python script used for decrypting the password and its output.

A complete report and proof of concept for this vulnerability has been published by Tenable, which provides detailed information about this vulnerability and its patches.

Affected Products

  • Service Desk Plus prior to version 14304
  • Asset Explorer prior to version 7004
  • Service Desk Plus MSP prior to version 14305
  • Support Center Plus prior to version 14304
  • Access Manager Plus prior to version 4310
  • PAM 360 prior to version 5700
  • Password Manager Pro prior to version 12300
  • OpManager prior to version 125632 on Windows and version 127243 on Linux
  • Firewall Analyser prior to version 125632 on Windows and version 127243 on Linux
  • Netflow Analyser prior to version 125632 on Windows and version 127243 on Linux
  • Network Configurations Manager prior to version 125632 on Windows and version 127243 on Linux
  • OpUtils prior to version 125632 on Windows and version 127243 on Linux
  • Creator On-Premise prior to version 2.0.0
  • Analytics Plus On-Premise prior to version 5300
  • ADSelfService Plus prior to version 6304
  • ADManager Plus prior to version 7210
  • ADAudit Plus prior to version 7251
  • Cloud Security Plus prior to version 4170
  • Data Security Plus prior to version 6126
  • Exchange Reporter Plus prior to version 5713
  • M365 Manager Plus prior to version 4539
  • M365 Security Plus prior to version 4539
  • SharePoint Manager Plus prior to version 4405
  • Recovery Manager Plus prior to version 6074
  • Log360 UEBA prior to version 4050
  • Endpoint Central prior to version 11.2.2322.01
  • Endpoint Central MSP prior to version 11.2.2322.01
  • Remote Monitoring and Management prior to version 10.2.11
  • Mobile Device Management prior to version 10.1.2204.2
  • Remote Access Plus prior to version 11.2.2328.01
  • OS Deployer prior to version 1.2.2331.1
  • Browser Security Plus prior to version 11.2.2328.01
  • Patch Manager Plus prior to version 11.2.2328.01
  • Vulnerability Manager Plus prior to version 11.2.2328.01
  • Application Control Plus prior to version 11.2.2328.01
  • Patch Connect Plus prior to version 90124
  • Device Control Plus prior to version 11.2.2328.01
  • Endpoint DLP Solution prior to version 11.2.2328.01
  • Secure Gateway Server prior to version 90091

Users of these ManageEngine products are recommended to apply vendor-specific patches for affected installations to prevent this vulnerability from getting exploited.

Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.

Eswar

Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector emerged…

11 hours ago

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its attacks…

11 hours ago

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6 million…

12 hours ago

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect servers…

13 hours ago

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025

The healthcare sector has emerged as a prime target for cyber attackers, driven by the…

14 hours ago

SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution

Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution, enabling…

14 hours ago