Galactic Advisors Wins Credential-Free Assessment Patent

Galactic Advisors, a cybersecurity firm specializing in managed service provider (MSP) defense, recently announced that it has attained a patent for its user-activated penetration testing system, which enables forensic-grade vulnerability assessments without requiring administrative credentials to reduce security risks.

Patented system brings assessments with fewer risks to MSPs

The system changes how MSPs and IT professionals perform assessments by initiating a security analysis with a single user click without collecting, storing, or transmitting sensitive administrative login information.

Scanning tools, which often require privileged access to operate, are becoming increasingly outdated as MSPs utilize them. Storing administrative credentials creates liabilities MSPs aren’t prepared to defend.

The credential-free scanning system from Galactic Advisors– now patented– offers an exclusive, legally defensible path forward for MSPs. It provides actionable, evidence-based vulnerability data that is collected without compromising trust or increasing attack surfaces.

“There’s no reason in 2025 to be handing over domain credentials just to run a scan,” said Bruce McCully, founder and CEO of Galactic Advisors. “This patent ensures our partners can lead with a method that’s more secure.”

The patent for this new security assessment will help organizations leave behind a legacy approach to credential management and provide a more secure, defensible standard for MSPs.

Newly disclosed vulnerabilities

According to Galactic Advisors, two newly discovered vulnerabilities have highlighted the importance of credential-based risk. Administrative credentials are exposed by design, can be easily retrieved by threat actors, and can be covertly collected during normal operations.

The two newly discovered vulnerabilities are publicly listed in the MITRE CVE database:

1. CVE-2025-32352 – Passwords in Cleartext: Network Detective stored sensitive credentials, including those for privileged and administrative accounts, in unprotected plaintext files on local machines. A threat actor with access to the system could have easily accessed the files.
2. CVE-2025-32874 – Reversible Encryption: The tool used a predictable, static encryption method for storing credentials, allowing threat actors to decrypt and expose sensitive data.

“At Galactic, our mission is to help MSPs avoid cyber liability. This means holding the tools they rely on to the highest security standards,” said McCully. “We’re proud of our team’s diligence and of Kaseya’s willingness to engage transparently and take immediate action.”

The importance of risk assessments

Recently, Channel Insider spoke with Cody Kretsinger, principal security advisor at Galactic Advisors, about the newly discovered vulnerabilities and how MSPs should take time to reevaluate vendor trust and dependency.

“When it comes to looking into any tool– and that doesn’t matter if it’s a security tool or otherwise– every organization has to go through some sort of risk assessment depending on the level of access or what the tool does,” said Kretsinger. “You have to weigh the likelihood versus the impact regarding that tool itself.”

Kretsinger emphasized that, when an incident occurs, having established relationships between vendor and customer is key to ensuring that communication, support, updates, and transparency are readily available.

Credential management is significant to cybersecurity posture within the channel and in other industries. Read more about a massive data breach that exposed billions of login credentials and how to protect yourself from infostealers.