“Audit this”: Active Directory audit tool had a pre-auth RCE-shaped hole in it
The Stack: 07/1/22 The vulnerabilities were in Zoho ManageEngine ADAudit Plus and allocated CVE-2022-28219. They were reported by US security firm Horizon3.ai which said it regularly encounters the product in penetration tests and that it could be an attractive target to attackers “because of the privileged access [it has] to Active Directory.”. Read the entire article here
Read More