CVE-2024-1709 PoC — Authentication bypass using an alternate path or channel

Source

https://github.com/sxyrxyy/CVE-2024-1709-ConnectWise-ScreenConnect-Authentication-Bypass

Associated Vulnerability

Title:Authentication bypass using an alternate path or channel (CVE-2024-1709)
Description:ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

Readme

# ConnectWise ScreenConnect: Authentication Bypass

## Introduction
This project aims to exploit an authentication bypass vulnerability in ConnectWise ScreenConnect. It provides a script to demonstrate the exploit. Please ensure you have the necessary permissions before attempting to use this script.

## Usage

```bash
python exploit.py [options]
```

### Options:
- `--username`: Username to add (**Required**).
- `--password`: Password to add (**Required**).
- `--urls`: Path to the file containing URLs.
- `--url`: Run only on this URL.

Note: Either `--urls` or `--url` is required.

## Example
```bash
python exploit.py --username admin --password p@ssw0rd --urls urls.txt
python exploit.py --username admin --password p@ssw0rd --url 'http://127.0.0.1/'
```

## Disclaimer
This project is for educational purposes only. Use it at your own risk. The authors do not take any responsibility for its misuse.

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →