ManageEngine Desktop Central contains a flaw in the /servlets/DCOperationsServlet servlet. The issue is triggered when the addOrModifyUser operation may be performed in this servlet without any authentication or privilege check. With a specially crafted request, a remote attacker can manipulate the admin password.
