ConnectWise Control MSP Security Vulnerabilities Are ‘Severe

Discussion in 'other security issues & news' started by hawki, Jan 22, 2020.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    4,646
    Location:
    DC Metro Area
    "Using multiple security flaws in ConnectWise Control, hackers could create an “attack chain” that gives cyber-criminals the ability to hijack an MSP’s systems as well as their customers’ devices,...

    The eight flaws named by Bishop Fox are: cross-site scripting, CORS (Cross-Origin Resource Sharing) misconfiguration, cross-site request forgery, information disclosure, remote code execution, user enumeration, missing security headers and insecure cookie scope.

    'The flaws in general, they’re serious in their own right, but when you start taking a look at chaining the vulnerabilities together, [it’s even worse]. We call them basically attack chaining,'..."

    https://www.crn.com/news/managed-se...ecurity-vulnerabilities-are-severe-bishop-fox
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.