Executive Summary
A vulnerability was identified in Netwrix Threat Manager during a routine third-party security review. Because a password is stored in cleartext, an attacker who has administrative access to the Netwrix Threat Manager server may be able to forge authentication tokens that appear valid to the application. These forged tokens permit the attacker to specify their own permissions or impersonate any existing user, potentially compromising the confidentiality, integrity, and availability of Netwrix Threat Manager.
Netwrix is unaware of any evidence of active exploitation of this vulnerability.
Vulnerability
Title | Affected Component | Affected Versions | CVSS 4.0 Score | CVSS 3.1 Score (Base / Temporal) | Description |
---|---|---|---|---|---|
Cleartext Password - Configuration File | Netwrix Threat Manager | < 3.0.480 | 8.3 | 7.9 / 6.9 | Netwrix Threat Manager stores the password used to encrypt the deployment-specific authentication token signing key in plain text within an application configuration file. This may allow an attacker with administrative access to the Netwrix Threat Manager server to forge authentication tokens that appear valid to the application. These forged tokens may permit the attacker to specify their permissions or impersonate any existing user, potentially compromising the confidentiality, integrity, and availability of Netwrix Threat Manager. |
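The mechanism in the table above is a general one: if the password that encrypts a token-signing key is written beside the encrypted key, the key is effectively stored in cleartext, and anyone who can read the file can mint tokens the application will accept. The following is an added illustration of that failure class, not Netwrix code, and it does not reflect the real product's file format, field names, or cipher. The configuration layout, the `TokenSigningKey*` field names, the PBKDF2 key derivation, the HMAC-based stream cipher, and the two-part HMAC token format are all constructed for the example. It also includes a small check, `find_cleartext_secrets`, of the kind a reviewer would run over a deployment's configuration files to catch the same pattern elsewhere.

```python
"""
Added example: a signing key "protected" by a password that sits in the same
configuration file. Everything here (field names, cipher, token format) is a
constructed stand-in; none of it is the vendor's implementation.
"""
import base64
import hashlib
import hmac
import json
import os
from typing import Optional


def kek_from_password(password: str, salt: bytes) -> bytes:
    # Key-encryption key derived from the configured password (PBKDF2, stdlib).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher: HMAC-SHA256 in counter mode as the keystream. It is
    # constructed for the example and only needs to be a reversible keyed
    # transform; the same call encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(signing_key: bytes, claims: dict) -> str:
    # Two-part token: base64url(claims).base64url(HMAC-SHA256 tag).
    body = b64u(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(signing_key, body.encode(), "sha256").digest()
    return f"{body}.{b64u(tag)}"


def verify_token(signing_key: bytes, token: str) -> Optional[dict]:
    # What the application does on every request: recompute the tag with the
    # deployment's signing key and accept the claims if it matches.
    body, tag = token.split(".")
    expected = hmac.new(signing_key, body.encode(), "sha256").digest()
    if not hmac.compare_digest(b64u(expected), tag):
        return None
    return json.loads(b64d(body))


def write_vulnerable_config(signing_key: bytes, password: str) -> dict:
    # The deployment encrypts the signing key under a password-derived key and
    # then stores that password, in cleartext, in the same file.
    salt, nonce = os.urandom(16), os.urandom(16)
    kek = kek_from_password(password, salt)
    return {
        "TokenSigningKeyEncrypted": b64u(xor_stream(kek, nonce, signing_key)),
        "TokenSigningKeySalt": b64u(salt),
        "TokenSigningKeyNonce": b64u(nonce),
        "TokenSigningKeyPassword": password,  # the weakness
    }


def recover_signing_key(config: dict) -> bytes:
    # Anyone who can read the file has everything needed to undo the encryption.
    kek = kek_from_password(config["TokenSigningKeyPassword"],
                            b64d(config["TokenSigningKeySalt"]))
    return xor_stream(kek, b64d(config["TokenSigningKeyNonce"]),
                      b64d(config["TokenSigningKeyEncrypted"]))


def forge_admin_token(config: dict, user: str) -> str:
    # With the key recovered, the attacker chooses the claims.
    return sign_token(recover_signing_key(config),
                      {"sub": user, "role": "Administrator"})


def find_cleartext_secrets(config: dict) -> list:
    # Review check: configuration fields whose name says "password" or "secret"
    # and whose value is a plain string are candidates for the same weakness.
    return sorted(k for k, v in config.items()
                  if isinstance(v, str)
                  and any(w in k.lower() for w in ("password", "secret")))


def demo() -> Optional[dict]:
    real_key = os.urandom(32)
    config = write_vulnerable_config(real_key, "Sup3rSecret!")
    forged = forge_admin_token(config, "attacker")
    # The application, holding the genuine key, accepts the forged token.
    return verify_token(real_key, forged)


if __name__ == "__main__":
    print("accepted claims:", demo())
    print("cleartext secret fields:",
          find_cleartext_secrets(write_vulnerable_config(b"k" * 32, "p")))
```

The point of the example is that the encryption adds nothing when its password lives next to the ciphertext: `recover_signing_key` needs only the file. The fix is to keep the key-encryption secret outside the configuration file, for instance in an OS-protected store or supplied at service start, so that reading the file alone does not yield the signing key.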
Exploitability
Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgements about urgency and priority; customers should use the information below in making those decisions.
Title | Publicly known? | Exploit available? | Actively exploited? |
---|---|---|---|
Cleartext Password - Configuration File | No | No | No |
Solution
All Netwrix Threat Manager customers are advised to update Netwrix Threat Manager to version 3.0.480 or later as soon as possible. Instructions for the Netwrix Threat Manager upgrade process can be found in this help center article.
Please contact the Netwrix technical support team should you need assistance.
Official Fixes
Updated software has been released containing official fixes for all listed vulnerabilities as indicated in the table below.
Title | Version |
---|---|
Cleartext Password - Configuration File | 3.0.480 |
FAQ
- How do I determine the current version of Netwrix Threat Manager?
Version information is displayed at the bottom of the Netwrix Threat Manager login page.
Revisions
Updates to this advisory may be made as necessary. Information about each change will be published in the table below.
Revision | Date | Description |
---|---|---|
1 | 2025-03-27T13:00:00Z | First published |
Disclaimer
The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory are at your own risk.