CVE-2023-31492: 
Zoho ManageEngine ADManager Plus vulnerability analysis and mitigation

Zoho ManageEngine ADManager Plus version 7182 and prior contained a security vulnerability that allowed authenticated users to access default passwords intended for account restoration of unauthorized domains. The vulnerability, identified as CVE-2023-31492, was discovered and fixed in March 2023 with the release of version 7183 (Vendor Advisory).

The vulnerability is classified as an 'Insufficiently Protected Credentials' issue (CWE-522) with a CVSS v3.1 base score of 6.5 (Medium). The attack vector is network-based, requires low attack complexity, needs low privileges, and requires no user interaction. The vulnerability allows authenticated helpdesk technicians without backup/recovery privileges to view recovery passwords by accessing a specific API endpoint (GitHub Research).

The vulnerability could allow authenticated technicians to view default passwords used for account restoration in non-delegated domains. This exposure could potentially lead to unauthorized access to restored user accounts through password spraying attacks in the Active Directory environment (GitHub Research).

The vulnerability has been patched in ADManager Plus version 7183. Organizations using affected versions should immediately update their installations to the latest build by installing the service pack. The fix prevents unauthorized technicians from viewing default passwords for account restoration of non-delegated domains (Vendor Advisory).