SimpleHelp vulnerability allows unauthorized creation of privileged support accounts
post-secondarygovernmenthealthcaremsp
A security flaw in SimpleHelp remote management software enables unauthenticated attackers to create high-privilege technician accounts by exploiting the OpenID Connect authentication mechanism. This could allow threat actors to establish persistent backdoor access to affected systems without proper credentials.
Why it matters in Western Canada: Organizations across Western Canada in healthcare, post-secondary, and government sectors that rely on SimpleHelp for remote support and IT management face direct risk of unauthorized administrative access and system compromise.
Summary generated from the original advisory. Read the full source: bleepingcomputer
- Source
- https://www.bleepingcomputer.com/news/security/simplehelp-bug-lets-hackers-create-rogue-remote-support-accounts/
- CVEs
- None listed
- Tags
- remote-access, authentication-bypass, privilege-escalation, oidc, simplehelp
- Provenance
- mask2-ti-pipeline (AI-assisted, human-reviewable)