ManageEngine ADManager Plus NTLM Hash Exposure

MEDIUM (6.4) No Patch
cwe-200active-directoryadmanagermanageenginentlm-hash-exposurevulnerability

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

ManageEngine ADManager Plus is a Windows-based Active Directory management tool used by some organizations to manage and maintain their Active Directory infrastructure. This vulnerability allows attackers to expose NTLM hashes, which can be used to gain unauthorized access to the system.

Am I affected?

You're affected if you use Zohocorp ManageEngine ADManager Plus versions. Affected versions: 8025 If you don't recognise this software, you're probably not affected.

Affected Products

ManageEngine / ADManager Plus

How to fix

To fix this vulnerability, upgrade to ManageEngine ADManager Plus version 8026 or later. You can download the latest version from the official ManageEngine website: https://www.manageengine.com/products/ad-manager/download

Immediate mitigations:

  • Disable the "Impersonate as Admin" option in the ADManager Plus settings.
  • Restrict network access to your ADManager Plus instance (firewall it from the public internet).

References