| Product Name | Affected Version(s) |
| PAM360 | 7500 |
| PAM360 MSP | 7410 |
Details
In build 7410 of PAM360 MSP, ManageEngine rolled out an enhancement to granularly mask/unmask shared passwords of PAM360 users based on their user role. However, the team has noticed that, for MSP users who upgraded to this version, the following had occurred:
PAM360 MSP Edition (7410)
- MSP users who had enabled the setting in 7400 in their MSP org:
The setting was set to “None” allowing for all users to view their shared passwords in plain text in MSP ORG. However, the same setting was applied across all of the client ORGs as well. - MSP users who had disabled the setting in 7400 version in their MSP org:
The setting was set to “Non-Administrator Roles” in MSP ORG. However, the same setting was applied across all of the client ORGs as well.
PAM360 Standalone Edition (7500)
ManageEngine released build 7500 to fix the above issue for MSP users. However, the team has noticed that for all non-MSP users who upgraded to PAM360’s 7500 version, if they had made any changes while in 7410, their setting was also reverted to their original settings.
Impact
This flaw would allow relevant users to view previously masked passwords in plain text due to, the automatic modification of this setting. However, any password related activities by users, such as View, Modify, Reset, and Delete–will be duly audited and logged by the PAM360 console.
What should you do?
If you have upgraded to one of these versions, ManageEngine recommends reviewing your settings to ensure they reflect your intended configurations.
- For PAM360 MSP users who upgraded to 7410 or 7500 are strongly advised to manually reset their plain text view of password settings.
- For PAM360 users who had upgraded to 7500, between 6th June 2025, and 12th June, 2025, are strongly advised to reset their plain text view password settings manually.
- ManageEngine advise it’s best practice to rotate shared passwords in case exposure is noticed in audit logs.
Do you need further assistance?
Contact us today and accelerate your ManageEngine experience with trusted, UK-based expertise.
This article is relevant to:
IT SecurityManageEngineSecurity AdvisoryOther recent articles in the same category
You may be interested in these other recent articles
Latest Updates for ManageEngine Endpoint Central
8 July 2025
Discover the latest Endpoint Central updates, including new features, fixes, and enhancements.
Read moreLatest Updates for ManageEngine ServiceDesk Plus Cloud
Discover the latest ServiceDesk Plus Cloud updates, including new features, fixes, and enhancements.
Read moreStay Ahead with the Latest Updates for ADSelfService Plus
24 June 2025
Discover the latest ADSelfService Plus updates, including new features, fixes, and enhancements.
Read moreStay Ahead with the Latest Updates for ManageEngine OpManager
20 June 2025
Discover the latest OpManager updates, including new features, fixes, and enhancements.
Read moreStay Ahead with the Latest Updates for ManageEngine Analytics Plus
19 June 2025
Discover the latest ManageEngine Analytics Plus updates, including new features, fixes, and enhancements.
Read more