1:29pm PDT - August 5th, 2021
CVE-2021-33617 Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid. https://t.co/uCWHwEEyO5
0 retweets 0 likes - (@eyeTSystems)