Zohocorp: >> Manageengine Password Manager Pro >> 11.2 Security Vulnerabilities
Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid.
CVSS Score
5.3
EPSS Score
0.005
Published
2021-07-31
Page 2