This has been posted on the ManageEngine user forums many times before, however I feel I should state it again.  The support offered by ManageEngine (at least for Password Manager Pro) really is terrible.

 

In my case, I reported an issue to ManageEngine on an easily exploitable data leakage vulnerability more than a year ago.  I was told a workaround would be in the next release (this was on 6503).  It was not in the next release.  In fact, a year later, after more conversations and requests, ManageEngine provided me a patch for this vulnerability.  This patch did not work and the next release (after the patch) did not contain the fix.  I now find myself again trying to get some mitigation on this and it's not looking likely any time soon.

 

What we saved on this product versus more mainstream PIM suites was acceptable even with the lessened functionality.  However, when we can't deploy it widely due to a vulnerability, the money spent and administrative hours spent on this project have proved to be wasted money.

 

My next step will be to have to publish this vulnerability as a CVE.  I've never had to do this with any other vendor for any other project.

 

I would love it if anyone else who has had problems with this company's lack of proper support would chime in on this post so that people consindering buying this product may consider what they are getting in to.