-
EDR / MDRIdentify, contain, respond, and stop malicious activity on endpoints
-
SIEMCentralize threat visibility and analysis, backed by cutting-edge threat intelligence
-
Risk Assessment & Vulnerability ManagementIdentify unknown cyber risks and routinely scan for vulnerabilities
-
Identity ManagementSecure and streamline client access to devices and applications with strong authentication and SSO
-
Cloud App SecurityMonitor and manage security risk for SaaS apps
-
SASEZero trust secure access for users, locations, and devices
-
SOC ServicesProvide 24/7 threat monitoring and response backed by ConnectWise SOC experts
-
Policy ManagementCreate, deploy, and manage client security policies and profiles
-
Incident Response ServiceOn-tap cyber experts to address critical security incidents
-
Cybersecurity GlossaryGuide to the most common, important terms in the industry
ConnectWise Automate Plugin Insufficiently Protected Credentials
11/17/2021
Vulnerability
CWE-522 Insufficiently Protected Credentials
Severity
Important - Vulnerabilities that could compromise confidential data or other processing resources but require additional access / privilege to do so.
Priority
1 - Vulnerabilities that are either being targeted or have a higher risk of being targeted by exploits in the wild. Recommend patching as soon as possible.
Affected Versions
1.8 and earlier versions of the Active Directory Plugin are impacted.
Remediation
CLOUD:
Update the plugin from the Solution Center to version 1.9. Additional recommended steps are provided in the Supportability Statement here.
ON-PREMISE:
Update the plugin from the Solution Center to version 1.9. Additional recommended steps are provided in the Supportability Statement here.
The new plugin version has a minimum version required of ConnectWise Automate specified in the Supportability Statement.
Additional Info
https://home.connectwise.com/securityBulletin/619531abd54f870001a74eb1
Software Updates
Available via Solution Center