1. Introduction
ManageEngine SupportCenter Plus ships with a built-in administrative account whose default credentials are ‘administrator’ / ‘administrator’. If that password is never changed, anyone who can reach the management interface can log in as an administrator. This affects confidentiality, integrity and availability, because an administrator fully controls the application and the data it holds. Any installation whose default administrator password has not been changed is affected, regardless of patch level: this is a configuration weakness, not a code defect that an update fixes.
2. Technical Explanation
The SupportCenter Plus installation still accepts the default credentials (‘administrator’ / ‘administrator’) for its management interface. An attacker who knows them, and they are publicly documented, can log in with full administrative rights. No CVE is assigned to this issue; it is a common misconfiguration rather than a software flaw. If the interface is reachable from the network or the internet, the attack requires nothing more than a single login attempt with the default username and password.
- Root cause: Use of weak default credentials.
- Exploit mechanism: An attacker attempts to log in with the default ‘administrator’ / ‘administrator’ credentials.
- Scope: ManageEngine SupportCenter Plus installations whose default administrator password has not been changed.
3. Detection and Assessment
Confirm the weakness by attempting to log in with the default credentials. The version number alone does not tell you whether the password was changed, so treat a successful default login, not the version, as the finding.
- Quick checks: open the SupportCenter Plus login page and try ‘administrator’ / ‘administrator’. Record the version from the ‘About’ page for your inventory, but do not use it to decide whether the system is affected.
- Scanning: vulnerability scanners carry default-credential checks for this product. Nessus plugin ID 165849 is cited here as an example only; confirm the ID against your scanner’s plugin database before relying on it.
- Logs and evidence: where logging is enabled, review application and web-server logs for successful logins by the ‘administrator’ account, especially from source addresses you do not recognise, and for bursts of failed attempts against that username.
4. Solution / Remediation Steps
Follow these precise steps to fix the issue.
4.1 Preparation
- No services need to be stopped; the password change takes effect immediately without a restart. Roll back plan: if the new password is lost, use the vendor’s administrator password reset procedure rather than restoring a backup, which would reinstate the default credentials (see section 7).
- Schedule a short change window anyway, because anyone currently using the shared administrator account loses access until they receive the new password. Approval from your IT security or change management team may be required.
4.2 Implementation
- Step 1: Log into the SupportCenter Plus application as an administrator.
- Step 2: Click ‘Admin’ in the top right corner of the screen.
- Step 3: Select ‘Personalize’.
- Step 4: Select ‘Change Password’.
- Step 5: Enter a strong, unique password and confirm it.
- Step 6: Click ‘Save’.
4.3 Config or Code Example
Before
Default credentials: administrator / administrator
After
Custom, strong password set for the administrator account.
4.4 Security Practices Relevant to This Vulnerability
Several security practices can help prevent this issue.
- Practice 1: Least privilege – give each user only the rights their role needs, and reserve the built-in administrator account for break-glass use rather than day-to-day work.
- Practice 2: Safe defaults – change vendor default credentials as part of every installation, and enforce a strong password policy so the replacement password cannot be trivially guessed either.
4.5 Automation (Optional)
The password change itself is done through the web interface, so it is not automated here. Detection and post-fix verification can be scripted: a scheduled job that attempts the default login against each instance and alerts on success catches new, cloned or rebuilt installations before an attacker does.
5. Verification / Validation
- Post-fix check: Attempt to log in using ‘administrator’ / ‘administrator’. The login should fail.
- Re-test: Repeat the initial detection steps – you should no longer be able to log in with the default credentials.
- Smoke test: Verify that administrators can still log in with their new password and access key features of SupportCenter Plus.
- Monitoring: alert on repeated failed login attempts against the ‘administrator’ username and on any successful login by that account from an unexpected source; the thresholds are site-specific, so the values used here are examples only.
Expected result of the post-fix check: a login attempt with administrator / administrator fails.
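The log review in section 3 and the monitoring item above both come down to the same two questions: did the default account ever log in successfully, and is anyone hammering it? The following script is an added example, not part of the original page or of ManageEngine’s code. SupportCenter Plus’s real log layout is not reproduced here; the line format, the sample lines and the failure threshold are all constructed for the example, so adapt LINE_RE to whatever your instance actually writes.

```python
import re
from collections import defaultdict

# Constructed log format for this example (assumption). Real SupportCenter
# Plus logs differ; adapt LINE_RE to the fields your instance writes.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"LOGIN user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>SUCCESS|FAILURE)$"
)

# Accounts that ship with vendor default passwords and deserve extra scrutiny.
DEFAULT_ACCOUNTS = {"administrator", "admin", "guest"}

# Failed attempts from one source against one default account before we flag
# it as a probable credential-guessing burst (example threshold, not a standard).
FAILURE_THRESHOLD = 3


def parse_line(line):
    """Return the login event fields as a dict, or None for non-login lines."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def analyze(lines):
    """Scan log lines and report two things worth alerting on:

    - default_account_logins: every successful login by a default account
      (timestamp, username, source address), in log order
    - failed_bursts: (username, source) pairs whose failure count reached
      FAILURE_THRESHOLD
    """
    successes = []
    failures = defaultdict(int)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # not a login event; ignore
        user = ev["user"].lower()  # usernames are compared case-insensitively
        if user not in DEFAULT_ACCOUNTS:
            continue
        if ev["result"] == "SUCCESS":
            successes.append((ev["ts"], user, ev["src"]))
        else:
            failures[(user, ev["src"])] += 1
    bursts = {key: n for key, n in failures.items() if n >= FAILURE_THRESHOLD}
    return {"default_account_logins": successes, "failed_bursts": bursts}


# Constructed sample log: three failures then a success from an external
# address, one lone failure from inside, and a line that is not a login event.
SAMPLE_LOG = """
2024-05-02 09:58:01 LOGIN user=jsmith src=10.1.2.3 result=SUCCESS
2024-05-02 10:15:03 LOGIN user=administrator src=203.0.113.7 result=FAILURE
2024-05-02 10:15:04 LOGIN user=administrator src=203.0.113.7 result=FAILURE
2024-05-02 10:15:05 LOGIN user=administrator src=203.0.113.7 result=FAILURE
2024-05-02 10:15:06 LOGIN user=administrator src=203.0.113.7 result=SUCCESS
2024-05-02 10:20:11 LOGIN user=Administrator src=10.1.2.9 result=FAILURE
this line is not a login event
""".strip().splitlines()

if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for ts, user, src in report["default_account_logins"]:
        print(f"ALERT default account login: {user} from {src} at {ts}")
    for (user, src), n in report["failed_bursts"].items():
        print(f"WARN {n} failed logins for {user} from {src}")
```

Run against the sample, the script flags the successful ‘administrator’ login from 203.0.113.7 and the three failures that preceded it, and stays quiet about the single mistyped ‘Administrator’ attempt from 10.1.2.9. After the fix, a success for the default account in these results means the new password has leaked or was never applied on that instance.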
6. Preventive Measures and Monitoring
Update security baselines to prevent this issue.
- Baselines: Update your security baseline or policy to include a requirement for changing default credentials on all new installations.
- Pipelines: in deployment pipelines and post-install automation, run a default-credential login check against each new instance, and scan provisioning, configuration and seed files for hard-coded default credentials before they reach a target system.
- Asset and patch process: Review configurations regularly as part of an asset management program.
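One way to implement the pipeline check for hard-coded default credentials, as an added example rather than code from the page or the vendor: scan text files for a username key followed by a password key and fail the build when the pair is a known vendor default. The key names it recognises, the default-pair list and the sample files are all assumptions made for the example; extend them for the formats your own provisioning scripts use.

```python
import re
import sys

# Known vendor default pairs to reject (example list; extend for your estate).
DEFAULT_PAIRS = {
    ("administrator", "administrator"),
    ("admin", "admin"),
    ("guest", "guest"),
}

# Loose key=value / key: value matchers for INI, .env and simple YAML lines.
# Key names are assumptions for this example, not a product-specific list.
USER_KEY = re.compile(r"^\s*(?:user(?:name)?|login)\s*[=:]\s*['\"]?([^'\"\s#]+)", re.I)
PASS_KEY = re.compile(r"^\s*(?:pass(?:word)?|pwd)\s*[=:]\s*['\"]?([^'\"\s#]+)", re.I)


def find_default_credentials(text, path="<text>"):
    """Return a finding for every password line whose value, paired with the
    most recent username line in the same file, is a known default pair."""
    findings = []
    current_user = None
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out lines are not live configuration
        m = USER_KEY.match(line)
        if m:
            current_user = m.group(1)
            continue
        m = PASS_KEY.match(line)
        if m and current_user is not None:
            pair = (current_user.lower(), m.group(1).lower())
            if pair in DEFAULT_PAIRS:
                findings.append({
                    "path": path,
                    "line": lineno,
                    "user": current_user,
                    "reason": "known vendor default credential pair",
                })
            current_user = None  # a password consumes the pending username
    return findings


def scan_files(files):
    """files maps path -> file contents; returns all findings in path order."""
    results = []
    for path, text in files.items():
        results.extend(find_default_credentials(text, path))
    return results


# Constructed sample inputs: one .env seeding the default pair, one YAML with
# a real secret, one INI whose live lines use admin/admin.
SAMPLE_FILES = {
    "deploy/supportcenter.env": (
        "SCP_URL=https://helpdesk.example.internal\n"
        "username=administrator\n"
        "password=administrator\n"
    ),
    "deploy/db.yaml": "db:\n  user: scpuser\n  password: 'K3y-9xQ!'\n",
    "deploy/legacy.ini": "# login = guest (commented out)\nlogin = admin\npwd = admin\n",
}

if __name__ == "__main__":
    # Usage in a pipeline: python check_defaults.py path/to/file ...
    # Exit status 1 fails the build when any default pair is present.
    paths = sys.argv[1:]
    files = {p: open(p, encoding="utf-8", errors="replace").read() for p in paths}
    found = scan_files(files) if paths else scan_files(SAMPLE_FILES)
    for f in found:
        print(f"{f['path']}:{f['line']}: {f['reason']} for user '{f['user']}'")
    sys.exit(1 if found else 0)
```

Pairing each password with the preceding username keeps the check tolerant of ordering and indentation without parsing every format properly; it will miss credentials split across files or built at runtime, which is why the login probe against the running instance is still needed.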
7. Risks, Side Effects, and Roll Back
Changing the password could temporarily disrupt access if the new password is forgotten or lost.
- Risk or side effect 1: loss of administrator access if the new password is forgotten. Mitigation: store the new password in the organization’s password manager or secrets vault, not in a document, e-mail or ticket, and make sure more than one responsible person can retrieve it.
- Roll back: do not restore a backup to revert this change, since that reinstates the default credentials and reopens the exposure. If the new password is lost, use the vendor-documented administrator password reset procedure and then set a new strong password immediately.
8. References and Resources
- Vendor advisory or bulletin: ManageEngine Security Updates
- NVD or CVE entry: No specific CVE is associated with this vulnerability.
- Product or platform documentation relevant to the fix: ManageEngine SupportCenter Plus – Personalization