Unrated severityNVD Advisory· Published Jul 31, 2021· Updated Aug 3, 2024
CVE-2021-33617
CVE-2021-33617
Description
Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Zoho/ManageEngine Password Manager Prodescription
- Range: <11.2.11200
Patches
Vulnerability mechanics
References
3- herolab.usd.de/security-advisories/usd-2021-0015/mitrex_refsource_MISC
- www.manageengine.commitrex_refsource_MISC
- www.manageengine.com/products/passwordmanagerpro/release-notes.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.