ConnectWise Automate Plugin Insufficiently Protected Credentials

Vulnerability

CWE-522 Insufficiently Protected Credentials

Severity

Important - Vulnerabilities that could compromise confidential data or other processing resources but require additional access / privilege to do so.

Priority 

1 - Vulnerabilities that are either being targeted or have a higher risk of being targeted by exploits in the wild. Recommend patching as soon as possible.

Affected Versions

1.8 and earlier versions of the Active Directory Plugin are impacted.

Remediation

CLOUD:

Update the plugin from the Solution Center to version 1.9. Additional recommended steps are provided in the Supportability Statement here.

ON-PREMISE:

Update the plugin from the Solution Center to version 1.9. Additional recommended steps are provided in the Supportability Statement here.

The new plugin version has a minimum version required of ConnectWise Automate specified in the Supportability Statement.

Additional Info

https://home.connectwise.com/securityBulletin/619531abd54f870001a74eb1

Software Updates

Available via Solution Center