Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Manageengine_adaudit_plus | Zohocorp | * | 7.0.0 (excluding) |
| Manageengine_adaudit_plus | Zohocorp | 7.0.0 (including) | 7.0.0 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0.0-7000 (including) | 7.0.0-7000 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0.0-7002 (including) | 7.0.0-7002 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0.0-7003 (including) | 7.0.0-7003 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0.0-7004 (including) | 7.0.0-7004 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0.0-7005 (including) | 7.0.0-7005 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0.0-7006 (including) | 7.0.0-7006 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0.0-7007 (including) | 7.0.0-7007 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0.0-7008 (including) | 7.0.0-7008 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0.0-7050 (including) | 7.0.0-7050 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0.0-7051 (including) | 7.0.0-7051 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0.0-7052 (including) | 7.0.0-7052 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0.0-7053 (including) | 7.0.0-7053 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0.0-7054 (including) | 7.0.0-7054 (including) |
| Manageengine_adaudit_plus | Zohocorp | 7.0.0-7055 (including) | 7.0.0-7055 (including) |
| Manageengine_admanager_plus | Zohocorp | * | 7.1 (excluding) |
| Manageengine_admanager_plus | Zohocorp | 7.1 (including) | 7.1 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7100 (including) | 7.1-7100 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7101 (including) | 7.1-7101 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7102 (including) | 7.1-7102 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7110 (including) | 7.1-7110 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7111 (including) | 7.1-7111 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7112 (including) | 7.1-7112 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7113 (including) | 7.1-7113 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7114 (including) | 7.1-7114 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7115 (including) | 7.1-7115 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7116 (including) | 7.1-7116 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7117 (including) | 7.1-7117 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7118 (including) | 7.1-7118 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7120 (including) | 7.1-7120 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7121 (including) | 7.1-7121 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7122 (including) | 7.1-7122 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7123 (including) | 7.1-7123 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7124 (including) | 7.1-7124 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7125 (including) | 7.1-7125 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7126 (including) | 7.1-7126 (including) |
| Manageengine_admanager_plus | Zohocorp | 7.1-7130 (including) | 7.1-7130 (including) |
| Manageengine_adselfservice_plus | Zohocorp | * | 6.1 (excluding) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1 (including) | 6.1 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6100 (including) | 6.1-6100 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6101 (including) | 6.1-6101 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6102 (including) | 6.1-6102 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6103 (including) | 6.1-6103 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6104 (including) | 6.1-6104 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6105 (including) | 6.1-6105 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6106 (including) | 6.1-6106 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6107 (including) | 6.1-6107 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6108 (including) | 6.1-6108 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6109 (including) | 6.1-6109 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6110 (including) | 6.1-6110 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6111 (including) | 6.1-6111 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6112 (including) | 6.1-6112 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6113 (including) | 6.1-6113 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6114 (including) | 6.1-6114 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6115 (including) | 6.1-6115 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6116 (including) | 6.1-6116 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6117 (including) | 6.1-6117 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6118 (including) | 6.1-6118 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6119 (including) | 6.1-6119 (including) |
| Manageengine_adselfservice_plus | Zohocorp | 6.1-6120 (including) | 6.1-6120 (including) |
| Manageengine_exchange_reporter_plus | Zohocorp | * | 5.7 (excluding) |
| Manageengine_exchange_reporter_plus | Zohocorp | 5.7 (including) | 5.7 (including) |
| Manageengine_exchange_reporter_plus | Zohocorp | 5.7-5700 (including) | 5.7-5700 (including) |