Teamviewer Vulnerability Lets attacker Steal System Password

 

The popular remote access tool Teamviewer recently patched a vulnerability in it clients that cloud leak your password to an attacker. An attacker can prepare a malicious website that will use the specific TeamViewer URI to launch the application when visited.


The popular remote access tool Teamviewer recently patched a vulnerability in it clients that cloud leak your password to an attacker. An attacker can prepare a malicious website that will use the specific TeamViewer URI to launch the application when visited.


 The tricky part is that due to some issues with quoting strings the attacker can add a new play argument to the site linking to a remote unc path under their control.  

And now any vulnerable client will then try to connect to the remote SMB share on the unc path and send the users NTLM authentication request which basically is a simple password hash.


The attacker can then either relay the NTLM request to a target machine or simply brute force the user's password in order to get full access and of course from there on its game over.


The vulnerability has been patched in version 15.8.3 and is highly recommended to update your version. If you don't want to keep track manually then, of course, you can use the vulnerability assessment and patch management built into Acronis cyber protect which can automatically update Teamviewer and keep you safe.

0 Comments

Post a Comment

Post a Comment (0)

Previous Post Next Post