Fixes to Multiple Vulnerabilities

The vulnerabilities listed below have been fixed in Desktop Central build 10.0.647. These vulnerabilities were reported by Tomasz Kuczyński.

| S. No | Vulnerability Details | Applicability for Desktop Central Cloud |
|---|---|---|
| 1 | Basic authentication in the agent-server communication has been enhanced with Client Certificate Authentication. | Not applicable |
| 2 | Improper authorization handling in agent data posted to the server has been addressed. | Not applicable |
| 3 | Stored XSS vulnerability in the Inventory section has been addressed. | Fixed and released on August 18, 2021 |
| 4 | Single token per instance for agent authentication has been enhanced with an individual certificate for every agent (CVE-2020-28050). | Not applicable |

 How do I fix it?

This has been identified and fixed in Desktop Central build 100647. Customers have to upgrade to build 100647 or above to patch this vulnerability.

To address this vulnerability, enable Client Certificate Authentication: log in to the web console and navigate to Admin > Security Settings > Enable Client Certificate Authentication.

You may also refer to this link for more information.

For any queries, feel free to contact our support team at desktopcentral-support@manageengine.com

    Keywords: Security Updates, Vulnerabilities and Fixes.