Hey think i found a security bug in the app. I use LDAP to authenticate users.
I have created several security groups that provides various permissions throughout the app.
I have set up 2FA for the users, this works as standard.
However I noticed once a user is logged into ScreenConnect, and then if i then disable the user in AD. The user still has full access to the web app, even when i close the web browser and reopen it they are still connected.
I am using the self hosted version and running the latest software.
Ideally it would be best if once the user was disabled in AD the logged in user was locked out. or if we could force users sessions to log out
Customer support service by UserEcho