This issue stems from a lack of filtering of change-password request emails. As a result, an authenticated user can exploit this information leak to change any user's password. Zoho ManageEngine Desktop Central before 10.1.2137.10 has no capability to restrict change-password request emails to certain IP addresses or users, so any user can receive an email containing a change-password link.
An attacker can leverage this vulnerability to change any user's password. The attacker can send a malicious email to any user with a subject line such as 'Manual Password Change' or 'Change password request' and include a malicious link in that change-password request email. Such an email can be sent to any user or to any distribution list. Zoho ManageEngine Desktop Central before 10.1.2137.10 has no capability to restrict the email subject or message content, so any user can receive an email containing a change-password link.

Vulnerability details

An authenticated user can exploit this information leak to change any user's password. The vulnerability is caused by the lack of filtering of change-password request emails; accordingly, any user who receives an email with a change-password link can exploit this information leak to change any user's password.

Checkpoint:

Zoho ManageEngine Desktop Central before 10.1.2137.10 has no capability to restrict change-password request emails to certain IP addresses or users.

Typical Scenario

An attacker sends a malicious email to any user with a subject line such as 'Manual Password Change' or 'Change password request'. In this email the attacker adds a malicious link to the change-password request email, which contains text similar in appearance to the following: "This is just an example of what you will get." The text in question is "You must be logged on for this feature." Hence, an authenticated user can exploit this information leak and change any other user's password by clicking on the "example" text followed by their username and new password, as given below:

"example": http://www.zoho-manageengine-desktop-central/domain/username/password

Another typical scenario would be that an attacker sends a malicious link containing malware in order to infect target users. A typical scenario could

Timeline

Published on: 01/28/2022 16:15:00 UTC
Last modified on: 02/02/2022 18:56:00 UTC

References