PT-2015-6984 · Solarwinds · Solarwinds N-Central

Gary Blosser · Published 2015-07-21 · Updated 2016-11-28 · CVE-2015-5610

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SolarWinds N-Able N-Central versions prior to 9.5.1.4514

Description

The issue allows remote authenticated users to obtain the cleartext domain-administrator password. This is possible because the RSM service uses the same password decryption key across different customers' installations. An attacker can locate the encrypted password within HTML source code and then use knowledge of this key from another installation to obtain the password.

Recommendations

For versions prior to 9.5.1.4514, update to version 9.5.1.4514 or later to resolve the issue. As a temporary workaround, consider restricting access to the RSM service to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2015-5610

Affected Products

Solarwinds N-Central