Previously, the Desktop Central agents were authenticated using a single token for an instance. Now, the agent authentication mechanism has been upgraded so that each specific Desktop Central agent is authenticated using a unique certificate.The vulnerability was reported by Tomasz Kuczyński.
This has been identified and fixed in Desktop Central build 10.0.647. Customers have to upgrade to build 10.0.647 or above to patch this vulnerability.
The following are the steps to enable Client Certificate Authentication to address this vulnerability:
Login to the web console and Navigate to Admin > Security and Privacy > Security Settings > Enable Client Certificate Authentication. You may also refer to this link for more information.
For any queries, feel free to contact our support team at endpointcentral-support@manageengine.com
Note: This vulnerability is not applicable to cloud editions of Desktop Central, Patch Manager Plus and Remote Access Plus.
Keywords: Security Updates, Vulnerabilities and Fixes.