|Affected software versions
|Builds 6123 and below
|May 24, 2022
CVE-2021-37423 refers to a security vulnerability reported in ManageEngine ADSelfService Plus that allowed sync agent functionality to be breached by an attacker. This was executed remotely by an unauthenticated user by deleting the real Password Sync Agent from the database and registering a fake Password Sync Agent.
We have now released ADSelfService Plus build 6200 that fixes the issue as follows:
This issue allowed the attacker to gain access to all the Password Sync Agent functionalities.
Update your ADSelfService Plus instance to 6200 using the service pack.
After upgrading to the latest build, customers using Password Sync Agent will need to reinstall the agent and provide the access key generated in the product for proper functioning of the agent. Backward compatibility has not been provided for older versions of Password Sync Agent installed. For more information regarding Password Sync Agent installation, click here.
This issue was reported in Zoho BugBounty by STM.
Need further assistance? Fill this form, and we'll contact you rightaway.
Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.