Zoho

Zoho patched a high-severity vulnerability in its ADSelfService Plus software, which posed a potential risk until remediated. The flaw allowed attackers to bypass authentication and access sensitive enrollment data used for password management and single sign-on services, which could have led to account takeovers and weakened organizational security. Zoho addressed the issue promptly with a software update and urged users to apply the patch. Although the flaw had a CVSSv3.1 score of 8.1, no customer data breaches were reported. The incident highlights the importance of maintaining rigorous security measures, such as multi-factor authentication, to safeguard against identity management system compromises.

Source: https://cybersecuritynews.com/zoho-adselfservice-plus-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/zoho

{
  "id": "zoh411030525",
  "linkid": "zoho",
  "type": "Vulnerability",
  "date": "3/2025",
  "severity": "85",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}

{
  "affected_entities": [
    {
      "industry": "Technology",
      "name": "Zoho",
      "type": "Software Company"
    }
  ],
  "attack_vector": "Authentication Bypass",
  "description": "Zoho patched a high-severity vulnerability in its ADSelfService Plus software, resulting in potential risks before remediation. The flaw allowed attackers to bypass authentication, accessing sensitive enrollment data for password management and single sign-on services. This could have led to account takeovers and weakened organizational security. Zoho addressed the issue promptly with a software update, urging users to apply the patch. Although the flaw had a CVSSv3.1 score of 8.1, there were no customer data breaches reported.",
  "impact": {
    "operational_impact": "Weakened organizational security",
    "systems_affected": "ADSelfService Plus software"
  },
  "lessons_learned": "Importance of maintaining rigorous security measures, such as multi-factor authentication, to safeguard against identity management system compromises.",
  "motivation": "Account Takeover, Access Sensitive Data",
  "post_incident_analysis": {
    "corrective_actions": "Patch applied, software update",
    "root_causes": "High-severity vulnerability in ADSelfService Plus software"
  },
  "recommendations": "Apply patches promptly, use multi-factor authentication.",
  "response": {
    "containment_measures": "Software update",
    "remediation_measures": "Patch applied"
  },
  "title": "Zoho ADSelfService Plus Authentication Bypass Vulnerability",
  "type": "Vulnerability Exploit",
  "vulnerability_exploited": "High-severity vulnerability in ADSelfService Plus software"
}