Zoho ADSelfService Plus Flaw Allows Hackers to Gain Unauthorized Access
Posted: Fri Mar 07, 2025 5:31 pm
A critical security flaw in Zoho’s widely used identity management solution, ADSelfService Plus, has been patched after researchers discovered it could enable attackers to hijack user sessions and compromise sensitive enrollment data.
Tracked as CVE-2025-1723, the high-severity vulnerability underscores the risks of insufficient session validation in authentication systems, particularly when multi-factor authentication (MFA) safeguards are not enforced.
https://gbhackers.com/zoho-adselfservice-plus-flaw/
Tracked as CVE-2025-1723, the high-severity vulnerability underscores the risks of insufficient session validation in authentication systems, particularly when multi-factor authentication (MFA) safeguards are not enforced.
https://gbhackers.com/zoho-adselfservice-plus-flaw/