A cyberthreat actor has claimed that access to a few Endpoint Central server instances that were hosted as edge devices with weak password policies might be compromised. This document will explain the claim, the conditions under which an instance might be compromised, and the steps end users can take to harden their security.
A cyberthreat actor has claimed that Endpoint Central servers that are hosted as edge devices (publicly accessible), do not have two-factor authentication enabled, and use the default credentials to authenticate users might be affected. The claim applies only if an organization’s Endpoint Central server satisfies all three conditions mentioned below.
We were in touch with third-party intelligence firms to investigate this claim. (reference article)
Only the Endpoint Central servers that meet all of the criteria below are targeted:
Go to the Admin tab, and click Security Settings.
Note: 1) It is highly recommended that you enable Two-Factor Authentication in your Endpoint Central server.
2) Please refer to our Security tips and recommendations document for enhanced security.
Yes, your setup might be affected as it has the default username and password. It is highly recommended that you remove or change the username and password of the default admin account. To do that, go to the Admin tab and select User Administration under Global Settings. Here, either change the password of the default admin account or remove the default admin account. To enhance the security of your server even more, go to the Admin tab, click Security Settings, and enable more of the options listed there.
Your server might be affected if the Secure Gateway Server's UI is enabled and the default admin username and password remain active in the central server. If you have configured your server that way, please reset your default credentials and enable two-factor authentication. This page will help you.
If you need assistance, our support team is always ready to help. Please reach out to us at uems-security@manageengine.com.