EIP-2026-102406

This is a detailed technical writeup describing an authentication bypass vulnerability in ManageEngine ServiceDesk Plus 9.0, where a valid username can be used as both the username and password to compromise the application when Active Directory/LDAP is enabled. The exploit involves logging into the mobile client directory and manipulating the URL to gain full application access.