Null - CVE-2021-33617 Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid. https://t.co/uCWHwEEyO5

1:29pm PDT - August 5th, 2021

CVE-2021-33617 Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid. https://t.co/uCWHwEEyO5

0 retweets 0 likes -

(@eyeTSystems)