| Product Name | Affected Version(s) |
| PAM360 | 7500 |
| PAM360 MSP | 7410 |
Details
In build 7410 of PAM360 MSP, ManageEngine rolled out an enhancement to granularly mask/unmask shared passwords of PAM360 users based on their user role. However, the team has noticed that, for MSP users who upgraded to this version, the following had occurred:
PAM360 MSP Edition (7410)
- MSP users who had enabled the setting in 7400 in their MSP org:
The setting was set to “None” allowing for all users to view their shared passwords in plain text in MSP ORG. However, the same setting was applied across all of the client ORGs as well. - MSP users who had disabled the setting in 7400 version in their MSP org:
The setting was set to “Non-Administrator Roles” in MSP ORG. However, the same setting was applied across all of the client ORGs as well.
PAM360 Standalone Edition (7500)
ManageEngine released build 7500 to fix the above issue for MSP users. However, the team has noticed that for all non-MSP users who upgraded to PAM360’s 7500 version, if they had made any changes while in 7410, their setting was also reverted to their original settings.
Impact
This flaw would allow relevant users to view previously masked passwords in plain text due to, the automatic modification of this setting. However, any password related activities by users, such as View, Modify, Reset, and Delete–will be duly audited and logged by the PAM360 console.
What should you do?
If you have upgraded to one of these versions, ManageEngine recommends reviewing your settings to ensure they reflect your intended configurations.
- For PAM360 MSP users who upgraded to 7410 or 7500 are strongly advised to manually reset their plain text view of password settings.
- For PAM360 users who had upgraded to 7500, between 6th June 2025, and 12th June, 2025, are strongly advised to reset their plain text view password settings manually.
- ManageEngine advise it’s best practice to rotate shared passwords in case exposure is noticed in audit logs.
Do you need further assistance?
Contact us today and accelerate your ManageEngine experience with trusted, UK-based expertise.
This article is relevant to:
IT SecurityManageEngineSecurity AdvisoryOther recent articles in the same category
You may be interested in these other recent articles
Migrating to ServiceDesk Plus Cloud: What Moves, What Doesn’t
19 May 2026
Migrating from ServiceDesk Plus on-premise to the cloud edition is not a straightforward lift-and-shift. The two versions share similar functionality but differ significantly under the…
Read moreProtected: Test: Quote Form
15 May 2026
There is no excerpt because this is a protected post.
Read moreEndpoint Central Disk Space Reports: Getting the Data You Actually Need
13 May 2026
If you’ve ever tried to set up a useful disk space report in ManageEngine Endpoint Central, you’ll know the built-in options can leave a bit…
Read moreLatest Updates for ManageEngine Endpoint Central
7 May 2026
Discover the latest Endpoint Central updates, including new features, fixes, and enhancements.
Read moreAutomatically Creating Notes from Worklogs in ServiceDesk Plus Cloud
6 May 2026
If your team logs worklogs in ManageEngine ServiceDesk Plus Cloud and you want that activity automatically reflected as a note on the request, you’ll be…
Read more
