An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84 allows attackers to obtain network share credentials used in a backup due to enginesettings.list being encrypted with a hard coded key.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.