Issue: Recently, ConnectWise sent a notification of a vulnerability in their plugin to Kaseya’s VSA to their customer base.
Workaround: Kaseya has worked with ConnectWise and we have created a small application which mitigates the vulnerability until ConnectWise’s permanent fix which they have scheduled for Q1 2018.
NOTE: This is only required for customers who have installed the ConnectWise supplied plugin. If you are not using this plugin OR you are using the Kaseya supplied connector (see part 2 below), it is not required and should not be installed.
Part 1: Mitigating the ConnectWise Issue:
Please download the attached .zip file ("VSAAccessControlSentry.zip") and review the README.txt for instructions.
Part 2: Switch to Kaseya Supplied Plugin:
Kaseya has its own ConnectWise plug-in available now, that does not suffer from this security vulnerability. It is available to our mutual customers at no license charge (there is a nominal implementation fee).
If you are interested in using Kaseya’s PSA Connector to ConnectWise, please contact your Kaseya Customer Success Manager and reference the Product SKU: S-ONP-K3-PSA-CONW.