CrazyFrog

2 exploits Active since Jun 2023
CVE-2023-35854 NOMISEC CRITICAL WORKING POC
ManageEngine ADSelfService Plus <= 6113 - Authentication Bypass via Session Token Theft
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."
1 stars
CVSS 9.8
CVE-2023-35854 WRITEUP CRITICAL WORKING POC
ManageEngine ADSelfService Plus <= 6113 - Authentication Bypass via Session Token Theft
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."
CVSS 9.8