ConnectWise ScreenConnect Service < 23.9.8 Authentication Bypass (Direct Check)

critical Nessus Plugin ID 190893

Language:

Version 1.38 Oct 27, 2025, 3:15 PM Logic Changes (Gate HTTP debugging behind hidden preference) Plugin Feed: 202510271515
Version 1.37 Oct 23, 2025, 3:11 AM Logic Changes (Fix HTTP/1 library to make sure it closes unused Keep-Alive connections) Plugin Feed: 202510230311
Version 1.35 Oct 16, 2025, 4:39 PM Logic Changes (Implement workaround in HTTP library to prevent triggering an engine bug.) Plugin Feed: 202510161639
Version 1.33 Oct 1, 2025, 9:12 PM Logic Changes (Adding support for user-supplied header added to all HTTP requests.) Plugin Feed: 202510012112
Version 1.32 Sep 30, 2025, 12:41 AM Logic Changes (Add extra checks to see whether plugins should run. Modernisation of the HTTP/1 library. Various corrections and fixes for CPE related Flatline Test Failures. Remove spurious authentication header.) Plugin Feed: 202509300041
Version 1.30 Jul 15, 2025, 2:39 AM Logic Changes Plugin Feed: 202507150239
Version 1.29 Jul 10, 2025, 5:41 PM Logic Changes (Windows CA support) Plugin Feed: 202507101741
Version 1.28 Feb 12, 2025, 3:29 PM Logic Changes Plugin Feed: 202502121529
Version 1.27 Feb 12, 2025, 1:58 AM Logic Changes Plugin Feed: 202502120158
Version 1.26 Feb 10, 2025, 4:00 PM Logic Changes Plugin Feed: 202502101600
Version 1.24 Jan 22, 2025, 5:44 PM New Plugin Feed: 202501221744
Version 1.22 Jan 13, 2025, 10:27 PM New Plugin Feed: 202501132227
Version 1.18 Nov 22, 2024, 6:54 PM Logic Changes (Fixed installation reporting) Plugin Feed: 202411221854
Version 1.17 Nov 12, 2024, 8:29 PM Logic Changes (Adding installs report) Plugin Feed: 202411122029
Version 1.16 Oct 10, 2024, 11:57 PM New Plugin Feed: 202410102357
Version 1.11 Jul 17, 2024, 11:02 PM Logic Changes Plugin Feed: 202407172302
Version 1.9 May 20, 2024, 10:13 AM Logic Changes Plugin Feed: 202405201013
Version 1.6 Mar 19, 2024, 6:40 PM Logic Changes (Improving logging to reduce disk space usage) Plugin Feed: 202403191840
Version 1.5 Mar 19, 2024, 2:37 PM Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202403191437
Version 1.4 Mar 12, 2024, 7:00 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Plugin Feed: 202403121900
Version 1.4 Mar 19, 2024, 12:36 PM Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202403191236
Version 1.3 Mar 8, 2024, 4:03 PM CISA reference CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit framework metasploit" set to "True") Plugin Feed: 202403081603
Version 1.2 Mar 8, 2024, 11:22 AM CVE (set "CVE" coverage to "CVE-2024-1709") CVSSv2 score source (changed from "manual" to "CVE-2024-1709") Plugin Feed: 202403081122
Version 1.1 Feb 27, 2024, 9:22 AM Plugin metadata (Make clear only Service is affected) Plugin Feed: 202402270922
Version 1.0 Feb 22, 2024, 6:43 PM New Plugin Feed: 202402221843

* Changelogs are generally available for changes made after Nov 1, 2022

Detections

Analytics

ConnectWise ScreenConnect Service < 23.9.8 Authentication Bypass (Direct Check)

critical Nessus Plugin ID 190893

Version 1.38

Version 1.37

Version 1.35

Version 1.33

Version 1.32

Version 1.30

Version 1.29

Version 1.28

Version 1.27

Version 1.26

Version 1.24

Version 1.22

Version 1.18

Version 1.17

Version 1.16

Version 1.11

Version 1.9

Version 1.6

Version 1.5

Version 1.4

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.0