Critical flaw in SimpleHelp enables rogue remote support accounts

A critical vulnerability in SimpleHelp’s remote support platform could let an unauthenticated attacker create privileged technician accounts. The flaw stems from improper handling of the OpenID Connect (OIDC) login flow and exposes organizations that rely on the software to unauthorized remote access.
How the flaw works
According to the report, SimpleHelp does not enforce the checks it should during OIDC-based account creation, so an unauthenticated party can manipulate the authentication flow and have the server create an account with technician-level privileges. The report does not say which check is missing. Once such an account exists it is a legitimate login as far as the server is concerned, so it can be used to remotely access managed endpoints, bypassing the access controls administrators have configured.
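The report does not describe the exact defect, so the following is an added, generic illustration of how OIDC just-in-time (JIT) account provisioning goes wrong, not SimpleHelp's code and not the actual bug. It contrasts a weak provisioner that trusts whatever an ID token says with a hardened one that verifies the token and derives privilege only from an allow-listed identity-provider group. The issuer, client ID, shared secret, group name and the HS256 signing (chosen so the example runs offline with only the standard library; production IdPs normally use RS256 with published JWKS keys) are all assumptions.

```python
"""Illustrative OIDC JIT provisioning: weak versus hardened.
Added example, not SimpleHelp's code. HS256 with a shared client secret is
used only so the block runs offline with the standard library."""
import base64
import hashlib
import hmac
import json
import time

# Hypothetical deployment values (assumptions, not taken from any real config)
ISSUER = "https://idp.example.test"
CLIENT_ID = "remote-support-portal"
CLIENT_SECRET = b"demo-shared-secret-do-not-reuse"
ADMIN_GROUP = "support-admins"   # only members of this IdP group become technicians


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(claims: dict, key: bytes = CLIENT_SECRET, alg: str = "HS256") -> str:
    """Stand-in for the IdP (or an attacker) producing a JWS-formatted ID token."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    if alg == "none":                       # unsigned token, as an attacker would send
        return f"{header}.{payload}."
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def provision_insecure(id_token: str) -> dict:
    """Weak pattern: decode the payload, never check signature, issuer or
    audience, and let the token itself name the role. Anyone who can build a
    JWT-shaped string gets an account with whatever role they asked for."""
    _, payload_b64, _ = id_token.split(".")
    claims = json.loads(_b64url_decode(payload_b64))
    return {"username": claims["sub"], "role": claims.get("role", "viewer")}


def provision_secure(id_token: str, now=None) -> dict:
    """Hardened pattern: pin the algorithm, verify the signature, issuer,
    audience and expiry, then derive the role from an allow-listed IdP group
    rather than from a free-form claim. Raises ValueError on any failure."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = id_token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":        # rejects "none" and algorithm confusion
        raise ValueError("unexpected alg")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(CLIENT_SECRET, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if "sub" not in claims:
        raise ValueError("missing sub")
    # Privilege comes from the IdP group allow-list, never from the token's own "role" claim
    role = "technician" if ADMIN_GROUP in claims.get("groups", []) else "viewer"
    return {"username": claims["sub"], "role": role}
```

Feeding both provisioners an unsigned token that claims `"role": "technician"` shows the difference: the weak one hands back a technician account, the hardened one rejects the token before it ever reads the claims. A real deployment should additionally check the `nonce` it sent in the authorization request and fetch keys from the issuer's discovery document rather than a shared secret.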
Risks for businesses
Administrators using SimpleHelp for remote IT support face significant exposure. Anyone who can create a privileged account without authorization bypasses the platform's access management entirely, and because technician accounts can control every endpoint enrolled in the server, a single rogue account can lead to compromise of an entire managed network rather than one machine.
Next steps for users
SimpleHelp has not yet released a patch. Until one is available, users should review their OIDC configuration, restrict network access to the SimpleHelp server (for example, to a VPN or an allowlist of administrator addresses) as a temporary mitigation, and audit the existing technician account list for entries nobody recognises. Monitoring for unexpected account creation is also recommended until an official fix is available.
Source: BleepingComputer. AI-assisted editorial synthesis — TechnoExpress.

