Unauthenticated Remote Access to Critical Log Files in Zoho ManageEngine Desktop Central
CVE-2018-11716 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444.
Learn more about our Cis Benchmark Audit For Desktop Software.