A critical security vulnerability in the Zoho ManageEngine ADSelfService Plus platform could allow remote attackers to bypass authentication and have free rein across users’ Active Directory (AD) and cloud accounts. The issue (CVE-2021-40539) has been actively exploited in the wild as a zero-day, according to the Cybersecurity and Infrastructure Security Agency (CISA). Zoho issued a patch on Tuesday, and CISA warned that admins should not only apply it immediately, but also ensure in general that ADSelfService Plus is not directly accessible from the internet. The issue affects builds 6113 and below (the fixed version is 6114). The Zoho ManageEngine ADSelfService Plus is a self-service password management and single sign-on (SSO) solution for AD and cloud apps, meaning that any cyberattacker able to take control of the platform would have multiple pivot points into both mission-critical apps (and their sensitive data) and other parts of the corporate network via AD. It is, in other words, a powerful, highly privileged application which can act as a convenient point-of-entry to areas deep inside an enterprise’s footprint for both users and attackers alike. “Ultimately, this underscores the threat posed to internet-facing applications,” Matt Dahl, principal intelligence analyst for Crowdstrike, noted. “These don’t always get the same attention as exploit docs with decoy content, but the variety of these web-facing services gives actors lots of options.” This isn’t Zoho’s…
https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png 0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2021-09-09 08:58:002021-09-09 08:58:00Zoho Password Manager Zero-Day Bug Under Active Attack Gets a Fix
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email email@example.com