Phone Live Chat
US: +1 888 720 9500
US: +1 800 443 6694
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9393

Security Updates

[Fixed] Generation of AuthToken without 2FA verification - ManageEngine ADManager Plus

Vulnerability Details
Severity Medium
CVE ID CVE-2023-41904
Affected software version 7202 and older
Fixed version 7203
Fixed on July 30, 2023


The CVE- 2023-41904 refers to an issue in ADManager Plus versions 7202 and older where the REST APIs were accessible without proper 2FA verification.This has been fixed in the build 7203 and its release notes can be found here.


Authtokens used for the REST API request can be generated without the 2FA. Learn more about the generation of REST API AuthToken here.

Steps to update

Update your ADManager Plus instance to its latest build by installing the service pack.


This vulnerability was reported by the Vector0 Research Team.


Select a language to translate the contents of this web page:

Need further assistance?

Fill this form, and we'll contact you rightaway.

Request Support

  • *
  • *
  • *
  • By submitting you agree to processing of personal data according to the Privacy Policy.

"Thank you for submitting your request.

Our technical support team will get in touch with you at the earliest."

ADManager Plus Trusted By

The one-stop solution to Active Directory Management and Reporting
Email Download Link email-download-top