Password self reset with security question and/or email verification. LAM Pro allows you to integrate external CSS files to match your corporate design.

LAM Pro provides some more account modules to support additional LDAP object classes:

- Alias: can be used to define aliases for user accounts.
- Apache Guacamole: Guacamole configuration.
- Auto delete: uses dynamic directory services (DDS) to delete entries by LDAP server.
- Custom fields: manage your own custom LDAP object classes.
- Device: manages serial numbers and other information for host entries.
- DNS entries: PowerDNS and bind DLZ entries.
- Group of (unique) names, group of members: these modules can be used to represent group relations. Since they allow DNs as members you can also use them to represent nested groups.
- Heimdal/MIT: manage your Heimdal/MIT Kerberos accounts.
- IP host: IP addresses for host accounts.
- NIS object, automount: used to define network mounts.
- Oracle databases: replacement for tnsnames.ora.
- Organizational roles: organizationalRole object class.
- PPolicy: password policy overlay for OpenLDAP.
- RFC2307bis schema: some distributions (e.g. Suse) use this schema for group accounts.
- Simple Security Object: entries with password only.
- Sudo role: sudo role management that replaces /etc/sudoers.
- Kopano/Zarafa: management of Kopano/Zarafa users, groups and servers.

LAM Pro allows you to run any script on your server when an account is created/modified/deleted. You can specify if a script should be run before or after the LDAP modification. You can also specify LDAP attributes as parameters for the script calls. This allows you to further automate your management processes. The LAM Pro self service also supports custom scripts.

Jobs:

- Notify users that their passwords will expire soon.
- the PPolicy password policy and sends a password reminder email before your user's passwords expire.

There are a number of jobs available to notify users and delete/move accounts. LAM Pro supports Windows, Shadow, PPolicy, 389ds, FreeRadius and QMail.

You can define if LAM should allow write access, password changes or only read access. This special page allows your deskside support staff to reset the passwords of your users. LAM can generate random passwords and you can send the passwords directly by mail. If you set the access level of your server profile to "Change passwords" then LAM will not allow any changes to the LDAP database except password changes via this page. The account pages will still be available in read-only mode.

Please visit our online shop to order a LAM Pro license.

A critical security vulnerability in the Zoho ManageEngine ADSelfService Plus platform could allow remote attackers to bypass authentication and have free rein across users’ Active Directory (AD) and cloud accounts. The issue (CVE-2021-40539) has been actively exploited in the wild as a zero-day, according to the Cybersecurity and Infrastructure Security Agency (CISA).

Zoho issued a patch on Tuesday, and CISA warned that admins should not only apply it immediately, but also ensure in general that ADSelfService Plus is not directly accessible from the internet. The issue affects builds 6113 and below (the fixed version is 6114).

The Zoho ManageEngine ADSelfService Plus is a self-service password management and single sign-on (SSO) solution for AD and cloud apps, meaning that any cyberattacker able to take control of the platform would have multiple pivot points into both mission-critical apps (and their sensitive data) and other parts of the corporate network via AD. It is, in other words, a powerful, highly privileged application which can act as a convenient point of entry to areas deep inside an enterprise’s footprint, for users and attackers alike.

“Ultimately, this underscores the threat posed to internet-facing applications,” Matt Dahl, principal intelligence analyst for CrowdStrike, noted. “These don’t always get the same attention as exploit docs with decoy content, but the variety of these web-facing services gives actors lots of options.”