Описание
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username.
Ссылки
- http://packetstormsecurity.com/files/165432/ConnectWise-Control-19.2.24707-Username-Enumeration.htmlExploitThird Party AdvisoryVDB Entry
- https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- http://packetstormsecurity.com/files/165432/ConnectWise-Control-19.2.24707-Username-Enumeration.htmlExploitThird Party AdvisoryVDB Entry
- https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 19.2.24707 (включая)
Одно из
cpe:2.3:a:connectwise:control:*:*:*:*:*:*:*:*
cpe:2.3:a:connectwise:control:19.3.25270.7185:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.38214
Средний
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-203
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username.
EPSS
Процентиль: 97%
0.38214
Средний
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-203