Manage Engine Analytics Vulnerability Allows User Account Takeover
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A high-severity authentication vulnerability in ManageEngine Analytics Plus on-premise installations has been identified, potentially allowing malicious actors to gain unauthorized access to Active Directory (AD) authenticated user accounts.
The vulnerability, tracked as CVE-2025-1724, affects all Windows builds prior to 6130 and was patched on March 11, 2025. Security teams are urged to update affected systems immediately to mitigate the risk of account takeovers.
The flaw in ManageEngine Analytics Plus on-premise creates a critical authentication bypass vulnerability that security researchers have classified as high severity.
This vulnerability specifically affects the AD authentication flow in Windows-based installations that don’t have Active Directory Single Sign-On (SSO) configurations enabled.
During analysis, security experts determined that the vulnerability could be exploited to intercept and manipulate authentication processes, potentially leading to complete account takeover scenarios.
The core issue stems from insufficient key management and inadequate encryption in the authentication handling process.
The authentication flaw allows attackers to potentially capture and replay authentication tokens, effectively impersonating legitimate users without requiring their credentials.
The vulnerability was discovered and responsibly disclosed by security researcher Muhammed Mekkawy through ManageEngine’s Bug Bounty program.
Risk Factors Details Affected ProductsAll Analytics Plus on-premise Windows builds below 6130ImpactAccess to AD user accountsExposure of sensitive user informationAccount takeover capabilityExploit PrerequisitesWindows installation AD authentication without SSO configuration Network access to target systemCVSS 3.1 Score8.2 (High)
Organizations running vulnerable versions of Analytics Plus face significant risks. Successful exploitation could enable attackers to gain unauthorized access to sensitive data analytics dashboards, reports, and underlying data sources connected to the platform.
The vulnerability effectively compromises the authentication boundary that segregates user accounts.
“The potential for account takeover attacks exposes organizations to data exfiltration, privilege escalation, and potential regulatory compliance issues.”
The most significant impacts include:
Mitigations
ManageEngine has addressed this vulnerability in build 6130, released on March 11, 2025.
The fix implements robust key management practices by generating installation-specific keys and storing them with appropriate encryption strength.
This remediation prevents the interception and manipulation of authentication data that made the vulnerability exploitable.
Organizations should download the latest upgrade pack from ManageEngine’s service pack page and follow the provided instructions to update to the patched version.
IT administrators are encouraged to implement the fix during scheduled maintenance windows to minimize operational disruption.
#Cyber_Security #Cyber_Security_News #Vulnerability #Vulnerability_News #cyber_security #cyber_security_news
Оригинальная версия на сайте:
Manage Engine Analytics Vulnerability Allows User Account Takeover
Author: Guru BaranA high-severity authentication vulnerability in ManageEngine Analytics Plus on-premise installations has been identified, potentially allowing malicious actors to gain unauthorized access to Active Directory (AD) authenticated user accounts.
The vulnerability, tracked as CVE-2025-1724, affects all Windows builds prior to 6130 and was patched on March 11, 2025. Security teams are urged to update affected systems immediately to mitigate the risk of account takeovers.
The flaw in ManageEngine Analytics Plus on-premise creates a critical authentication bypass vulnerability that security researchers have classified as high severity.
This vulnerability specifically affects the AD authentication flow in Windows-based installations that don’t have Active Directory Single Sign-On (SSO) configurations enabled.
During analysis, security experts determined that the vulnerability could be exploited to intercept and manipulate authentication processes, potentially leading to complete account takeover scenarios.
The core issue stems from insufficient key management and inadequate encryption in the authentication handling process.
The authentication flaw allows attackers to potentially capture and replay authentication tokens, effectively impersonating legitimate users without requiring their credentials.
The vulnerability was discovered and responsibly disclosed by security researcher Muhammed Mekkawy through ManageEngine’s Bug Bounty program.
Risk Factors Details Affected ProductsAll Analytics Plus on-premise Windows builds below 6130ImpactAccess to AD user accountsExposure of sensitive user informationAccount takeover capabilityExploit PrerequisitesWindows installation AD authentication without SSO configuration Network access to target systemCVSS 3.1 Score8.2 (High)
Organizations running vulnerable versions of Analytics Plus face significant risks. Successful exploitation could enable attackers to gain unauthorized access to sensitive data analytics dashboards, reports, and underlying data sources connected to the platform.
The vulnerability effectively compromises the authentication boundary that segregates user accounts.
“The potential for account takeover attacks exposes organizations to data exfiltration, privilege escalation, and potential regulatory compliance issues.”
The most significant impacts include:
- Unauthorized access to sensitive analytics dashboards and reports
- Potential exposure of connected data sources
- Compromised user account integrity
- Possible privilege escalation within the platform
Mitigations
ManageEngine has addressed this vulnerability in build 6130, released on March 11, 2025.
The fix implements robust key management practices by generating installation-specific keys and storing them with appropriate encryption strength.
This remediation prevents the interception and manipulation of authentication data that made the vulnerability exploitable.
Organizations should download the latest upgrade pack from ManageEngine’s service pack page and follow the provided instructions to update to the patched version.
IT administrators are encouraged to implement the fix during scheduled maintenance windows to minimize operational disruption.
#Cyber_Security #Cyber_Security_News #Vulnerability #Vulnerability_News #cyber_security #cyber_security_news
Оригинальная версия на сайте:
