Home Hackers actively targeting severe authentication bypass flaw in ConnectWise software

Hackers actively targeting severe authentication bypass flaw in ConnectWise software

Security experts have raised alarms over a critical vulnerability in ConnectWise ScreenConnect, a widely used remote access tool, which they describe as “trivial and embarrassingly easy” to exploit. According to TechCrunch, this flaw, with the highest severity rating, poses a significant risk as it allows for an authentication bypass that could enable attackers to remotely access and steal sensitive data or deploy malware on affected systems. As confirmed by the ConnectWise, the software’s developer, malicious hackers are actively exploiting this flaw, posing a significant threat to data security and system integrity.

Despite initial assurances of no public exploitation, the company later confirmed incidents of compromised accounts following an investigation by their incident response team. ConnectWise has also identified and shared IP addresses linked to the attackers.

The vulnerability, impacting a tool essential for IT providers and technicians to offer remote support, was first reported to ConnectWise on February 13, with the company disclosing it in a security advisory on Feb. 19. Although the exact number of affected customers remains undisclosed, ConnectWise spokesperson Amanda Lee mentioned “limited reports” of suspected intrusions, adding that 80% of their cloud-based customer environments were patched automatically within 48 hours.

Huntress, a cybersecurity firm, published an analysis indicating ongoing exploitation of this flaw, with adversaries deploying Cobalt Strike beacons and even installing ScreenConnect clients on compromised servers. Huntress CEO Kyle Hanslovan highlighted the severity of the situation, estimating that thousands of servers controlling numerous endpoints remain vulnerable, potentially leading to a surge in ransomware attacks.

ConnectWise has issued a patch for the vulnerability and is urging users, especially those with on-premise ScreenConnect installations, to apply the update promptly. The company also addressed a separate vulnerability in its remote desktop software but has not observed any exploitation of this flaw.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Maxwell Nelson
Tech Journalist

Maxwell Nelson, a seasoned journalist and content strategist, has contributed to industry-leading platforms, weaving complex narratives into insightful articles that resonate with a broad readership.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.