SCENARIO: User working from home connects to at-office computer via ConnectWise Control (CWC / ScreenConnect). At a random point in the day the session disconnects. The user goes back into the CWC user webpage to MY ASSIGNED MACHINES. Their at-office computer is no longer listed BUT their at-home computer is listed. The at-home computer was never setup with the CWC agent.
PROBLEM: Per CW support this is known issue. They are failing to see the major SECURITY concern though. The at-home computer was never setup with CWC/ScreenConnect and is never supposed to be connected to. The at-home computer is a client only and should only connect TO the at-office computer... no one should ever be able to connect to the at-home computer.
But that is exactly what happens when this security bug manifests itself. Once the bug activates, the at-home computer is now able to be connected to remotely.
CONDITIONS: This has occurred to multiple users over our workforce involving multiple types of computers, OS's, ISP's, etc. It has happened to multiple versions of the CWC agent.
Customer support service by UserEcho