First published: Wed Nov 17 2021
The Zoho Remote Access Plus Server Windows Desktop binary, fixed in version 10.1.2132, is affected by an unauthorized password reset vulnerability. Because of the way the password reset mechanism is designed, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp Manageengine Remote Access Plus | <10.1.2132 | |
Microsoft Windows | | |
CVE-2021-42955 is an unauthorized password reset vulnerability affecting the Zoho Remote Access Plus Server Windows Desktop binary in versions before 10.1.2132.
CVE-2021-42955 allows any non-admin Windows user to reset the password of the Remote Access Plus Server Admin account due to a flaw in the password reset mechanism.
CVE-2021-42955 has a severity score of 7.8 (high).
Zoho Remote Access Plus Server Windows Desktop binary versions before 10.1.2132 are affected by CVE-2021-42955.
To fix CVE-2021-42955, update Zoho Remote Access Plus Server to version 10.1.2132 or higher.