Arlecho's ScreenConnect 6 releases

[Dolphin34]

https://www.connectwise.com/company/trus...CmMugLn4qk

FYI - update your instances ASAP.  Apparent 10 scoring CVE discovered.

[mafia996630]

Quick question i patched and installed lates version when i try to login it says invalid credentials what am i doing wrong

Make sure you put username as 'Administrator' and password as 'Administrator'. Capital 'A'.

---

Quick question i patched and installed lates version when i try to login it says invalid credentials what am i doing wrong

Cheers, I upgraded.

[bluechip77]

a server of mine was hacked, hacker removed everything from my server.
hacker also added some unknow extensions

[redditisqueer]

https://www.connectwise.com/company/trus...CmMugLn4qk

FYI - update your instances ASAP.  Apparent 10 scoring CVE discovered.

I attempted the 3.2 patcher with latest SC 23.9.8 but didn't work. i was able to pull up remote page but only the 'admin' section worked. 'access' just sits and spins

I can confirm 3.2 patcher (Thanks again Arlecho!!) works with 22.10.16976.8812 updated 2/16/24 in the archive section https://screenconnect.connectwise.com/download/archive

If you read the bottom of the CVE notice, it says they are updating some installs starting with 22.4, so can someone attempt some of the other installs that they updated 2/15 or 2/16?

[vbcoderx]

https://www.connectwise.com/company/trus...CmMugLn4qk

FYI - update your instances ASAP.  Apparent 10 scoring CVE discovered.

I attempted the 3.2 patcher with latest SC 23.9.8 but didn't work. i was able to pull up remote page but only the 'admin' section worked. 'access' just sits and spins

I can confirm 3.2 patcher (Thanks again Arlecho!!) works with 22.10.16976.8812 updated 2/16/24 in the archive section https://screenconnect.connectwise.com/download/archive

If you read the bottom of the CVE notice, it says they are updating some installs starting with 22.4, so can someone attempt some of the other installs that they updated 2/15 or 2/16?

I updated from 23.8.6.8735 to 23.9.8.8811 successfully. 

I will say that I was on an older version a few months ago that had been updated multiple times. I got this issue:  able to pull up remote page but only the 'admin' section worked. 'access' just sits and spins
I migrated to a new server and reinstalled all clients. It ended up being an issue with the database file but the work had already been done, but I didn't have to worry about it.

[fiddler]

https://www.connectwise.com/company/trus...CmMugLn4qk

FYI - update your instances ASAP.  Apparent 10 scoring CVE discovered.

I attempted the 3.2 patcher with latest SC 23.9.8 but didn't work. i was able to pull up remote page but only the 'admin' section worked. 'access' just sits and spins

I can confirm 3.2 patcher (Thanks again Arlecho!!) works with 22.10.16976.8812 updated 2/16/24 in the archive section https://screenconnect.connectwise.com/download/archive

If you read the bottom of the CVE notice, it says they are updating some installs starting with 22.4, so can someone attempt some of the other installs that they updated 2/15 or 2/16?

I updated from 23.8.6.8735 to 23.9.8.8811 successfully. 

I will say that I was on an older version a few months ago that had been updated multiple times. I got this issue:  able to pull up remote page but only the 'admin' section worked. 'access' just sits and spins
I migrated to a new server and reinstalled all clients. It ended up being an issue with the database file but the work had already been done, but I didn't have to worry about it.

Can you eloborate on the database issue? I have the same issue now and I'm not ready to reinstall everything on a new server.

[redditisqueer]

https://www.connectwise.com/company/trus...CmMugLn4qk

FYI - update your instances ASAP.  Apparent 10 scoring CVE discovered.

I attempted the 3.2 patcher with latest SC 23.9.8 but didn't work. i was able to pull up remote page but only the 'admin' section worked. 'access' just sits and spins

I can confirm 3.2 patcher (Thanks again Arlecho!!) works with 22.10.16976.8812 updated 2/16/24 in the archive section https://screenconnect.connectwise.com/download/archive

If you read the bottom of the CVE notice, it says they are updating some installs starting with 22.4, so can someone attempt some of the other installs that they updated 2/15 or 2/16?

I updated from 23.8.6.8735 to 23.9.8.8811 successfully. 

I will say that I was on an older version a few months ago that had been updated multiple times. I got this issue:  able to pull up remote page but only the 'admin' section worked. 'access' just sits and spins
I migrated to a new server and reinstalled all clients. It ended up being an issue with the database file but the work had already been done, but I didn't have to worry about it.

I've updated probably 5 times since 2018. For others looking, there are some database cleanup tasks you can do under Admin> Database > 'purge' , 'compact', 'purge all events', 'purge session captures'. Mine are set to 200 days for Access

[Arlecho]

Everyone running an internet accessible installation is highly recommended to stay up to date, they have had some other bad CVE's in the past.

Just take a good backup (with the services stopped) and try to upgrade whenever an upgrade is available.
Also keep the plugins up to date if you are running any.

[Sinauth]

Everyone running an internet accessible installation is highly recommended to stay up to date, they have had some other bad CVE's in the past.

Just take a good backup (with the services stopped) and try to upgrade whenever an upgrade is available.
Also keep the plugins up to date if you are running any.

I'm having a problem this morning where I'm getting "Invalid credentials. Please try again." we have 2fa on all accounts.

Is anyone else having this issue? Can't log in whatsoever.

[lionking]

Hi there!
I found myself in the same loop, constant wheel, and an errror when you click some areas saying "DateTime is not valid".
Following your instructions, and after some testing, I found several differences, more than 20, from web.config at broken install, and web.config at new clean install. So I make a procedure that, without installing in other machine, let me fix installation. I think the failure is not at sessions.db, but at database string connection and missing configuration variables, but I thought better reinstall that continue searching for a fix:
1. Stop all services at your server, copy Screenconnect folder program to other location at same server.
2. Fully uninstall Screenconnect server from control panel.
3. Install from scratch Screenconnect server from latest build and activate.
4. It's time to get your things back:
- Copy, from web.config the following data:
AsymmetricKey
InstanceIdentifierBlob
machineKey decryptionKey
* Any other customization made like TTL for sessions, URLs...
* Check that new web.config has this line, if not, add it (it prevent SC from launching setup wizard at first login)
    <add key="IsSetup" value="true" />
5. Copy content to new install, overrwiting following folders:
App_ClientConfig
App_Extensions
App_Themes
App_WebResources
6. Copy Security.db to new install from:
App_data
Launch Screenconnect and wait hosts to connect. That's all!
You'll have new installation with no bugs from now on.
Let's check and share results!

My original web.config does not have the line  InstanceIdentifierBlob,
any suggestions?