HTTP: ZOHO ManageEngine OpManager Default Credentials Authentication Bypass

This signature detects attempts to exploit an authentication bypass vulnerability reported in ManageEngine OpManager. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could lead to authentication bypass and give the attacker control of the service.

Extended Description

ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.

Affected Products

Zohocorp manageengine_opmanager

References

CVE: CVE-2015-7765

Short Name
HTTP:ZOHO-MGR-AUTH-BYPASS
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Authentication Bypass CVE-2015-7765 Credentials Default ManageEngine OpManager ZOHO
Release Date
07/25/2019
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
False Positive
Unknown
Vendors

Zohocorp

CVSS Score

9.0
