Secure your Desktop Central server from unauthenticated access!

Dear Customers,

 

At ManageEngine, we consider security our top priority. That is why we are bringing to your immediate attention that some versions of Desktop Central server instances that were hosted as edge devices with weak password policies might be compromised (reported by BleepingComputer).

 

A cyberthreat actor has claimed that Desktop Central servers hosted as edge devices (publicly accessible) can fall prey if they do not have two-factor authentication enabled and use the default credentials to authenticate users.

 

Only the Desktop Central servers that meet all of the criteria below are potentially vulnerable:

  • Server is publicly accessible

  • Two-factor authentication is not enabled

  • Default credentials are used for logging in

The claim made by the cyberthreat actor was thoroughly investigated by the Desktop Central security team, and it seems to be true. We found that only the Desktop Central servers hosted on the edge with two-factor authentication disabled and the default admin username and password enabled are potentially vulnerable. However, this means neither that everybody is affected nor that an exploit has happened.

 

As soon as we detected the possibility of a potential exploit, we immediately rolled out the fix and prepared the associated documents for it.

 

The fix locks the Desktop Central servers that have the default admin username and password enabled. A password reset link is provided on the Desktop Central user login page. Users can visit this page to learn the steps involved in resetting the password.

 

If your Desktop Central server/network is safe, here is how to secure it further as a proactive measure.

 

Please refer to the article below for detailed steps:

https://www.manageengine.com/products/desktop-central/cyberthreat-actor-claim-unauthenticated-access.html

 

It is highly recommended to upgrade to the latest build to benefit from strengthened security measures and enhancements for seamless functioning of the product.

 

If you need assistance, our support team is always ready to help. Please reach out to us at uems-security@manageengine.com.

 

We strive to resolve these types of security issues as quickly as possible, and we sincerely apologize for any inconvenience caused by this vulnerability. We want to stand by you and help you overcome this situation.

 

We’re ready to help you, as always.

ManageEngine Desktop Central Team