This application utilized the Self Registration feature to create a rogue agent that then dumps ApplianceConfiguration settings which may or may not contain information such as plain text passwords. This was reported to SolarWinds PSIRT on 10/10/2019 with very little feedback.
SolarWinds n-Central Dumpster Diver Description / Explanation FIXES/WORKAROUNDS have been released for more information: cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2020-7984 This application utilizes the nCentral agent dot net libraries to simulate the agent registration and pull the agent/appliance configuration settings This information can contain plain text active