CVE-2021-41827: 
Zoho ManageEngine Remote Access Plus vulnerability analysis and mitigation

Zoho ManageEngine Remote Access Plus before version 10.1.2121.1 contained a security vulnerability involving hardcoded credentials for read-only access. The vulnerability, identified as CVE-2021-41827, was discovered in September 2021 and involved hardcoded credentials within the source code of the DCBackupRestore JAR archive (NVD, Nested If).

The vulnerability received a CVSS v3.1 base score of 7.5 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The issue stemmed from hardcoded database connection credentials embedded within the DCBackupRestore JAR file, which could be easily reverse engineered. The affected 'medc' database user had read-only permissions, limiting the potential impact to data access without modification capabilities (NVD, Nested If).

The vulnerability exposed sensitive information stored in the database, including server configurations, deployed agent configurations, enterprise system details, user information, vulnerability/patch status, and other system information. While the hardcoded credentials provided read-only access, this still represented a significant security risk due to the exposure of sensitive enterprise data (Nested If).

The vulnerability was fixed in version 10.1.2121.1 of Zoho ManageEngine Remote Access Plus. The vendor implemented changes to ensure the database backup password would be newly generated and randomized (ManageEngine).