Authentication bypass vulnerability in ServiceDesk Plus Builds 10511 to 11133

This is a security advisory regarding a possible authentication bypass vulnerability in ServiceDesk Plus, which has been identified and rectified. On-premises users of ServiceDesk Plus version 10511 to 11133 who have enabled SAML authentication are affected by this vulnerability and advised to update to the latest version (11134) immediately.

Severity: High

Impact: This vulnerability might be exploited to log in to a ServiceDesk Plus installation with administrative privileges to access information or change service desk configurations, both of which can be used to provide unauthorized access to user data or aid subsequent attacks. To do so, an attacker would need to carry out two steps. First, they would need to enter the credentials of any service desk user’s account. Then they would need to alter the parameter ‘username’ to another username with administrative privileges after SAML validation. This would require the attacker to know three pieces of information: the user credentials of any service desk account, the username of an administrator account, and the domain details.

What led to the vulnerability?

The security check process used by ServiceDesk Plus to authenticate the username and the user domain post SAML validation had a vulnerability that made it possible to change the parameter ‘username’ post SAML validation.

This vulnerability could be exploited to log in to a ServiceDesk Plus installation as an administrator.

Who is affected?

This vulnerability affects customers of any edition of ServiceDesk Plus (on-premises) using version 10511 to 11133 who have SAML authentication enabled.

How have we fixed it?

This particular vulnerability has been addressed in ServiceDesk Plus 11134 by fixing the security check mechanism such that authentication occurs with the username and domain details stored securely rather than from direct incoming parameters that can be tampered with easily.

How to find out if you are affected

Click the Help link in the top-right corner of the ServiceDesk Plus web client. Select the About option from the drop-down to see your current version. If your current version is between 10511 and 11133 and you are using SAML authentication, you might be affected.

What customers should do

ServiceDesk Plus versions 11100 to 11133

Download the upgrade pack from https://www.manageengine.com/products/service-desk/service-packs.html and immediately upgrade to the latest version (11134).

ServiceDesk Plus versions 10511 to 11010

Please follow this forum post for further updates. Alternatively, you can upgrade to the latest version (11134) using the appropriate migration path here: https://www.manageengine.com/products/service-desk/on-premises/service-packs.html

Please read the upgrade instructions carefully before beginning the upgrade. For assistance, write to support@servicedeskplus.com or call us toll-free at +1.888.720.9500.

Important note: As always, make a copy of the entire ServiceDesk Plus installation folder before applying the upgrade, and keep the copy in a separate location. If anything goes wrong during the upgrade, you’ll have this copy as a backup, which will keep all your settings intact. If you’re using an MS SQL server as a back-end database, back up the ServiceDesk Plus database before upgrading. Once the upgrade is successfully completed, remember to delete the backup.