Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account.
References
Link | Resource |
---|---|
https://medium.com/nestedif/vulnerability-disclosure-improper-acl-unauthorized-password-reset-zoho-r-a-p-62efcdceb7a6 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-11-17T12:26:22
Updated: 2021-11-17T12:26:22
Reserved: 2021-10-25T00:00:00
Link: CVE-2021-42955
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-17T13:15:07.317
Modified: 2022-07-12T17:42:04.277
Link: CVE-2021-42955
JSON object: View
Redhat Information
No data.
CWE