Can any of you smart programmers look at this? Is the auth bypass just incompetence?
Screenconnect is a remote admin tool that enables IT support to remote control screen and run scripts. Usually used in companies to provide support to computers.
So, if hacked, this enables the attacker to run anything as SYSTEM account (similar to root) on computers connected to the Screenconnect instance. It is handy to have agents on machines to enable hands off support.
After using and maintaining Screenconnect for many years, this kind of thing is no surprise. Up until the past year or two, you literally had to generate MFA codes manually and copy and paste them on a user by user basis to one giant webpage. Most of this kind of authentication seemingly was text / database based. For example, we had a list of 800 users who had access to their personal machines and when making changes, you could see their passwords in clear text (because we as admins had to set them).
2 comments
[ 3.7 ms ] story [ 12.0 ms ] threadScreenconnect is a remote admin tool that enables IT support to remote control screen and run scripts. Usually used in companies to provide support to computers.
So, if hacked, this enables the attacker to run anything as SYSTEM account (similar to root) on computers connected to the Screenconnect instance. It is handy to have agents on machines to enable hands off support.