ManageEngine ADSelfService Plus - GINA Vulnerability
This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk
Summary
Threat details
Which would allow an attacker to gain local administrator access to the machine from the windows logon screen Crtl+Alt+Delete login screen, including bypassing Bitlocker if pre-boot authentication is disabled.
ManageEngine ADSelfService Plus - "GINA / Credential Provider based Self Service Password Management" enables users to reset their windows passwords and unlock their windows accounts without ICT helpdesk intervention from the windows logon (Crtl+Alt+Delete) screen.
All versions of this software across multiple operating systems including Windows 7 and 10 are thought to be affected by this vulnerability.
The vulnerability resides in the software calling to an IE browser to facilitate password reset & account unlock, which after forcing an error can be manipulated to open windows file explorer, traverse directories and open up a command prompt with system level admin rights. Which could then be used by an attacker to create a new administrative account and gain full system access.
ManageEngine have been made aware of the problem and are working on a resolution
Remediation steps
Last edited: 17 February 2020 11:34 am