During a penetration test, we encountered the ManageEngine ADSelfService Plus (ADSS) solution. ADSS offers multiple functionalities, such as managing password policies for administrators or self-service password reset/account unlock for Active Directory users. We decided to dig into this solution. However, our research had barely started when in-the-wild exploitation of this solution was announced.
In this article we will explore the details of several vulnerabilities that allow an unauthenticated attacker to execute arbitrary code on the server.