Unauthenticated Remote Access to Critical Log Files in Zoho ManageEngine Desktop Central

Unauthenticated Remote Access to Critical Log Files in Zoho ManageEngine Desktop Central

CVE-2018-11716 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444.

Learn more about our Cis Benchmark Audit For Desktop Software.