PT-2023-18850 · Connectwise · Connectwise Automate

L00Neyhacker · Published 2023-02-01 · Updated 2024-08-02 · CVE-2023-23130

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Connectwise Automate version 2022.11

Description: The issue concerns cleartext authentication, where authentication is performed via HTTP with SSL disabled. This is reportedly controlled by a configuration option, allowing customers to choose HTTP over HTTPS during troubleshooting. The vendor considers this behavior to be by design.

Recommendations: For Connectwise Automate version 2022.11, consider enabling SSL to encrypt authentication data and minimize the risk of cleartext authentication exploitation. As a temporary workaround, restrict the use of HTTP for authentication until a more secure configuration can be implemented.

Weakness Enumeration: Cleartext Transmission of Sensitive Information

Related Identifiers: CVE-2023-23130

Affected Products: Connectwise Automate