Insecure Encryption Algorithm in Zoho ManageEngine OpManager: Universal Decryptor Vulnerability

Insecure Encryption Algorithm in Zoho ManageEngine OpManager: Universal Decryptor Vulnerability

CVE-2015-9107 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor.

Learn more about our Web Application Penetration Testing UK.