Unrated severityNVD Advisory· Published Feb 1, 2023· Updated Aug 2, 2024
CVE-2023-23127
CVE-2023-23127
Description
In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Connectwise/Controldescription
- Range: =22.8.10013.8329
Patches
Vulnerability mechanics
News mentions
0No linked articles in our index yet.