Insecure Encryption Algorithm in Zoho ManageEngine OpManager: Universal Decryptor Vulnerability
CVE-2015-9107 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor.
Learn more about our Web Application Penetration Testing UK.