Unauthenticated User Account Validation Vulnerability in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317

Unauthenticated User Account Validation Vulnerability in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317

CVE-2018-7248 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it does not.

Learn more about our Api Penetration Testing.