
Cloud Vulnerability DB
A community-led vulnerabilities database
Zoho ManageEngine Remote Access Plus before version 10.1.2121.1 contained a security vulnerability related to hardcoded credentials in the resetPWD.xml file (CVE-2021-41828). The vulnerability was discovered and disclosed in September 2021, affecting the Remote Access Plus server application. This issue impacted the authentication mechanism of the application (Zoho Changelog, NVD).
The vulnerability stemmed from hardcoded credentials embedded in the resetPWD.xml file in the application's bin directory. The file contained a fixed password and a weak, fixed salt value, so the same values were present wherever the file was deployed. The issue was compounded by improper file permissions that left the file readable by unauthorized users (NestedIf).
The presence of hardcoded credentials could allow attackers to gain unauthorized access to sensitive system configurations, deployed agent configurations, enterprise system details, user accounts, and other critical information stored in the database. While the database user 'medc' had view-only permissions, limiting the ability to modify data, the exposure of sensitive information posed a significant security risk (NestedIf).
The vulnerability was patched in Remote Access Plus version 10.1.2121.1. Security experts recommended using the SecureRandom function to generate unique credentials during first-time installation, so that credentials differ across installations. Additional recommendations included using a secure vault for storage, implementing PBKDF2 encryption, leveraging Windows Authentication, and relying on filesystem ACLs for connection string security (Zoho Changelog, NestedIf).
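The following is an added illustration of those recommendations, not code from Zoho or NestedIf: a first-install routine that generates a per-installation password and salt with SecureRandom, stores only a PBKDF2 hash, and restricts the file to its owner before writing. The output file name, the properties layout and the iteration count are assumptions made for the example.

```java
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class FirstInstallCredential {
    private static final SecureRandom RNG = new SecureRandom();

    // Fresh random bytes on every call, so no two installations share a value.
    static byte[] randomBytes(int n) {
        byte[] b = new byte[n];
        RNG.nextBytes(b);
        return b;
    }

    // PBKDF2-HMAC-SHA256 with a 256-bit output.
    static byte[] pbkdf2(char[] secret, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(secret, salt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // Restrict the file to its owner: a single-entry ACL on Windows, mode 0600 on POSIX.
    static void ownerOnly(Path p) throws Exception {
        AclFileAttributeView acl = Files.getFileAttributeView(p, AclFileAttributeView.class);
        if (acl != null) {
            acl.setAcl(List.of(AclEntry.newBuilder().setType(AclEntryType.ALLOW)
                .setPrincipal(Files.getOwner(p))
                .setPermissions(EnumSet.allOf(AclEntryPermission.class)).build()));
        } else {
            Files.setPosixFilePermissions(p, PosixFilePermissions.fromString("rw-------"));
        }
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical file name; pass a different path as the first argument.
        Path out = Paths.get(args.length > 0 ? args[0] : "reset-credential.properties");
        String password = Base64.getUrlEncoder().withoutPadding().encodeToString(randomBytes(24));
        byte[] salt = randomBytes(16);
        int iterations = 600_000; // assumed example value
        byte[] hash = pbkdf2(password.toCharArray(), salt, iterations);
        Files.createFile(out); // fails if the file exists, so a re-run cannot overwrite it
        ownerOnly(out);        // lock the file down before anything is written to it
        Base64.Encoder b64 = Base64.getEncoder();
        Files.write(out, List.of("salt=" + b64.encodeToString(salt),
            "iterations=" + iterations, "hash=" + b64.encodeToString(hash)));
        System.out.println("One-time password for this installation: " + password);
    }
}
```

The owner here is the account that runs the installer; if the server runs under a different service account, that account needs its own ACL entry.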
Source: This report was generated using AI