There are many remote desktop tools that we can use. The boom in these types of applications in recent months has been quite large, mainly due to the pandemic and the increase in teleworking. However, on many occasions this type of service can have vulnerabilities and put our security and privacy at risk. Today we report on a major bug that affects TeamViewer and exposes user passwords.
A bug in TeamViewer puts passwords at risk
TeamViewer is one of the most popular options when it comes to being able to connect remotely to another team. It is widely used by both private users as well as companies and organizations.
The vulnerability that we are reporting affects the Windows version of TeamViewer. Specifically to versions prior to 15.8.3 . If a potential attacker manages to exploit this vulnerability, they could crack passwords or even run code on the victims’ systems.
This bug has been logged as CVE-2020-13699 . As we say, a hypothetical attacker could force a victim to submit an NTLM authentication request and relay the request or capture the hash to decrypt the password offline. They could even redirect the victim to an illegitimate site controlled by the attackers and thus steal credentials and personal data.
The vulnerability was discovered by a Praetorian security researcher, Jeffrey Hofmann. It indicated that an attacker could embed a malicious iframe on a website with a crafted URL that would run the TeamViewer desktop client on Windows and force it to open a remote SMB share.
Of course, most modern browsers are configured to avoid this type of attack. However, there are some, like Firefox, that could not prevent this threat.
TeamViewer update fixes the problem
This vulnerability affects versions prior to 15.8.3 of the Windows operating system. This means that any later version will avoid this threat that can compromise our security when using TeamViewer .
Once again the enormous importance of keeping the equipment correctly updated is demonstrated. We must always have the available patches installed and thus avoid vulnerabilities that could compromise our security and privacy. There are many bugs that can arise but normally the developers themselves release patches to correct them.
In short, all those who use the TeamViewer tool for Windows and have a version prior to 15.8.3 should update as soon as possible and thus correct the problem. Remote access is something that has gained a lot of weight in recent times but it can also have vulnerabilities that leave our equipment and systems exposed.
We leave you an article where we explain some options to share screen with total security. A series of recommendations that we can use in our day to day so as not to take any unnecessary risk.