#VU24936 Insufficiently protected credentials in Zoho ManageEngine Remote Access Plus - CVE-2020-8422

Cybersecurity Help s.r.o.

Published: 2020-02-05

Vulnerability identifier: #VU24936

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-8422

CWE-ID: CWE-522

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Zoho ManageEngine Remote Access Plus
Web applications / Remote management & hosting panels

Vendor: Zoho Corporation

Description

The vulnerability allows a remote user to gain access to sensitive information on the target system.

The vulnerability exists due to insufficiently protected credentials in the affected device. A remote user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Zoho ManageEngine Remote Access Plus: 10.0.447

External links
https://excellium-services.com/cert-xlm-advisory/CVE-2020-8422

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Insufficiently protected credentials in Zoho ManageEngine Remote Access Plus