Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

 

Potential vulnerabilities

1. Third Party interception:

If the client-server communication is not secure, then anyone in between can intercept the data being exchanged in 'plain text' leading to a "Man in the Middle" (MITM) attack. This can result in confidential data, such as usernames and passwords, being obtained. A person being attacked might not even be aware of such an intrusion. Meanwhile the attacker can save a copy of the data for a later exploit.

2. Port Vulnerability:

While it's necessary for some ports to be open to internet traffic, it is also standard practice to ensure that only the bare minimum ports are exposed. If your data is sent using HTTP, it is vulnerable and can be exploited by stealing passwords, eavesdropping, and attacks of the like. The intrusion of malicious software can open unwanted ports and close the ones that's are essential. This allows an intruder to carry out botnet attacks, denial of service attacks, etc. To counter these attacks, firewalls should be configured accordingly to restrict communication only to the ports in use. It is also advisable to use HTTPS while communicating confidential information over the network, as the attacker would need the secret key to decrypt any information he captures over the network.

3. Password compromise and data breaches due to a poor password policy:

If logon credentials are bypassed then attackers can gain access to virtually everything that the end user does including viewing the whole webpages, stealing cookies such as auto fill form data, browsing history etc, and even hijacking Windows accounts rendering them inactive but for a trade-off. Weak passwords can be easily compromised. Brute force attacks are when an automated application by a hacker makes multiple guesses (by permutations and combinations) to compromise weak passwords. A strong password, (i.e.) that is long and has a complex combination of alpha, numeric and special characters make it difficult for hackers to hack passwords. If a company’s network-attached storage (such as servers) is accessible without a password, or data is accessible between computers on a network without the need for authentication, huge volumes of records could be stolen. If a strong password policy is not in place, it can cause an irreversible loss of corporate data.

4. Malicious code injection by hackers:

Bugs in network related software can be exploited by breachers for injection of malicious codes. This is called cross site scripting. This allows for a backdoor entry for hacking vectors which, once installed, allows remote code execution that can disrupt normal services, steal your credentials and/or cause your system to be part of series of botnet attacks on other computers in the network.

ManageEngine's ADAudit Plus takes utmost care to ensure that it is secure from potential vulnerabilities. Following are the specifications of ADAudit Plus which hardens security against various attacks to prevent data breaches.

ADAudit Plus Trusted By