Zoho ManageEngine Disclosure of Hardcoded Credentials | allinfosecnews.com

April 25, 2023, 7:01 p.m. | Jimi Sebree

Tenable Research Advisories www.tenable.com

Zoho ManageEngine Disclosure of Hardcoded Credentials

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.

The PostgreSQL database server used in AMP is run under the SYSTEM account:

C:\Program Files\ManageEngine\AMP\pgsql\bin>set PGPASSWORD=Stonebraker&& psql -h 127.0.0.1 -p 4567 -d AMP -U postgres -q AMP=# DROP TABLE IF EXISTS cmd_exec; …

access actor amp build configuration credentials data database disclosure hardcoded hardcoded credentials low malicious manageengine manager permissions postgresql privileged privileged user server zoho zoho manageengine

More from www.tenable.com / Tenable Research Advisories

Approach.App Multiple Vulnerabilities 1 week, 6 days ago | www.tenable.com

app application exploitation management +9

Karros Technologies Authentication Bypass 1 week, 6 days ago | www.tenable.com

authentication authentication bypass bypass technologies

Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 2 weeks, 1 day ago | www.tenable.com

avalanche big buffer buffer overflow +12

Path Traversal Affecting Multiple CData Products 3 weeks, 6 days ago | www.tenable.com

application attachment cookie date +14

LG LED Assistant v2.1.65 Multiple Vulnerabilities 1 month ago | www.tenable.com

assistant led vulnerabilities

Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities 1 month, 2 weeks ago | www.tenable.com

arcserve data data protection protection +1

Microsoft Azure Synapse Analytics - Privilege Escalation via Vegas Caching Service 1 month, 3 weeks ago | www.tenable.com

analytics azure azure synapse caching +8

Showdownjs Denial of Service 2 months ago | www.tenable.com

can command concept conditions +17

Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS) 2 months, 2 weeks ago | www.tenable.com

accesstoken admin adobe authentication +9

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

SITEC- Systems Security Administrator- Camp HM Smith

@ Peraton | Camp H.M. Smith, HI, United States

View on infosec-jobs.com

Cyberspace Intelligence Analyst

@ Peraton | Fort Meade, MD, United States

View on infosec-jobs.com

General Manager, Cybersecurity, Google Public Sector

@ Google | Virginia, USA; United States

View on infosec-jobs.com

Cyber Security Advisor

@ H&M Group | Stockholm, Sweden

View on infosec-jobs.com

Engineering Team Manager – Security Controls

@ H&M Group | Stockholm, Sweden

View on infosec-jobs.com