| Product Name | Affected Version(s) |
| PAM360 | 7500 |
| PAM360 MSP | 7410 |
Details
In build 7410 of PAM360 MSP, ManageEngine rolled out an enhancement to granularly mask/unmask shared passwords of PAM360 users based on their user role. However, the team has noticed that, for MSP users who upgraded to this version, the following had occurred:
PAM360 MSP Edition (7410)
- MSP users who had enabled the setting in 7400 in their MSP org:
The setting was set to “None” allowing for all users to view their shared passwords in plain text in MSP ORG. However, the same setting was applied across all of the client ORGs as well. - MSP users who had disabled the setting in 7400 version in their MSP org:
The setting was set to “Non-Administrator Roles” in MSP ORG. However, the same setting was applied across all of the client ORGs as well.
PAM360 Standalone Edition (7500)
ManageEngine released build 7500 to fix the above issue for MSP users. However, the team has noticed that for all non-MSP users who upgraded to PAM360’s 7500 version, if they had made any changes while in 7410, their setting was also reverted to their original settings.
Impact
This flaw would allow relevant users to view previously masked passwords in plain text due to, the automatic modification of this setting. However, any password related activities by users, such as View, Modify, Reset, and Delete–will be duly audited and logged by the PAM360 console.
What should you do?
If you have upgraded to one of these versions, ManageEngine recommends reviewing your settings to ensure they reflect your intended configurations.
- For PAM360 MSP users who upgraded to 7410 or 7500 are strongly advised to manually reset their plain text view of password settings.
- For PAM360 users who had upgraded to 7500, between 6th June 2025, and 12th June, 2025, are strongly advised to reset their plain text view password settings manually.
- ManageEngine advise it’s best practice to rotate shared passwords in case exposure is noticed in audit logs.
Do you need further assistance?
Contact us today and accelerate your ManageEngine experience with trusted, UK-based expertise.
This article is relevant to:
IT SecurityManageEngineSecurity AdvisoryOther recent articles in the same category
You may be interested in these other recent articles
PAM360 Failover Server Setup: Key Considerations
17 October 2025
Setting up a failover server in PAM360 can be tricky. Learn the essentials of PAM360 failover server setup to keep your privileged access environment resilient,…
Read moreLatest Updates for ManageEngine ServiceDesk Plus Cloud
15 October 2025
Discover the latest ServiceDesk Plus Cloud updates, including new features, fixes, and enhancements.
Read moreStay Ahead with the Latest Updates for ManageEngine Password Manager Pro
14 October 2025
Discover the latest Password Manager Pro updates, including new features, fixes, and enhancements.
Read moreStay Ahead with the Latest Updates for ADManager Plus
13 October 2025
Discover the latest ADManager Plus updates, including new features, fixes, and enhancements.
Read moreServiceDesk Plus: Reset Admin Account Even with 2FA
3 October 2025
If you need to reset an admin account in ServiceDesk Plus, getting locked out of your environment can be stressful, especially when two-factor authentication (2FA)…
Read more