| Affected software versions | 7182 and older |
| Fixed on | Mar. 15, 2023 |
ADManager Plus builds 7182 and older are reported to have a security vulnerability that allows authenticated technicians to view the default passwords used for account restoration in unauthorized domains. This has been fixed in build 7183; its release notes can be found here.
Authenticated technicians can view the default passwords intended for account restoration of non-delegated domains by constructing a specific API request.
Update your ADManager Plus instance to its latest build by installing the service pack.
This issue was reported by metin via Zoho's Bug Bounty program.