Vulnerabilities > CVE-2019-16516 - Information Exposure Through Discrepancy vulnerability in Connectwise Control 19.3.25270.7185
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Common Weakness Enumeration (CWE)
References
- http://packetstormsecurity.com/files/165432/ConnectWise-Control-19.2.24707-Username-Enumeration.html
- http://packetstormsecurity.com/files/165432/ConnectWise-Control-19.2.24707-Username-Enumeration.html
- https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34
- https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34
- https://know.bishopfox.com/advisories
- https://know.bishopfox.com/advisories
- https://know.bishopfox.com/advisories/connectwise-control
- https://know.bishopfox.com/advisories/connectwise-control
- https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox
- https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox
- https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox
- https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox