Cleartext Authentication Vulnerability in ConnectWise Automate by ConnectWise
CVE-2023-23130

5.9 MEDIUM

Key Information:

Status
Vendor
CVE Published: 1 February 2023

What is CVE-2023-23130?

ConnectWise Automate version 2022.11 is vulnerable to cleartext authentication: when SSL is disabled, authentication data is transmitted unencrypted over HTTP, so potentially sensitive information can be intercepted during the authentication process. The vendor provides the option to use HTTP instead of HTTPS for troubleshooting purposes, but this practice opens up significant security concerns. It is crucial for users to ensure that secure protocols are employed to protect their data.

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
