CVE-2021-20147

No Score

Description

ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists.

References

https://www.tenable.com/security/research/tra-2021-52

Details

Source: MITRE

Published: 2022-01-03

Updated: 2022-01-04