Teamviewer app
In a security advisory regarding the flaw, the Center for Internet Security (CIS) recommended that TeamViewer users apply the appropriate patches. We are grateful that you reached out to us and that you could confirm the fix of your findings in the latest release.” “Thank you, Jeffrey Hofmann with Praetorian, for your professionalism and following a responsible disclosure model.
Teamviewer app Patch#
In order to patch the flaw, “We implemented some improvements in URI handling relating to CVE 2020-13699,” according to TeamViewer in a statement sent to Threatpost. TeamViewer versions prior to 15.8.3 are vulnerable, and the bug affects various versions of TeamViewer, including: teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1 and tvvpn1. The flaw ranks 8.8 out of 10.0 on the CVSS scale, making it high severity. Every modern browser except for Firefox URL encodes spaces when handing off to URI handlers which effectively prevents this attack.” There are a lot of prerequisites to exploit the vulnerability successfully. “Successfully performing the attack is difficult and requires user interaction.
Teamviewer app password#
It also allows them to capture password hashes, which they can then crack via brute-force.įortunately for users, while the potential impact of this vulnerability is high, “the practical impact is low,” Hofmann explained to Threatpost in an email. This ultimately grants attackers access to the victim’s machine, automatically. The Responder toolkit captures SMB authentication sessions on an internal network, and relays them to a target machine. In this attack scenario, the NTLM request can then be relayed by attackers using a tool like Responder, according to Hofmann. NTLM credentials are based on data obtained during the interactive logon process and consist of a domain name, a user name, and a one-way hash of the user’s password. NTLM uses an encrypted protocol to authenticate a user without transferring the user’s password. SMB is a network protocol used by Windows-based computers that allows systems within the same network to share files.Īfter a victim’s TeamViewer app initiates the remote SMB share, Windows will then make the connection using NT LAN Manager (NTLM). The URI will then trick the app into creating a connection with attacker-controlled remote Server Message Block (SMB) protocol. To initiate the attack, the attacker could simply persuade a victim with TeamViewer installed on their system to click on crafted URL in a website – an opportunity for attackers to potentially launch watering-hole attacks. “An attacker could embed a malicious iframe in a website with a crafted URL () that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share,” according to an advisory by Jeffrey Hofmann, security engineer at Praetorian, who disclosed the flaw. In this specific case, values are not “quoted” by the app – meaning that TeamViewer will treat them as commands rather than as input values. But because handler applications can receive data from untrusted sources, the URI values passed to the application may contain malicious data that attempts to exploit the app. The recently discovered flaw stems from the Desktop for Windows app ( CVE-2020-13699) not properly quoting its custom uniform resource identifier (URI) handlers.Īpps need to identify the URIs for the websites they will handle.
Teamviewer app software#
TeamViewer is a proprietary software application used by businesses for remote-control functionalities, desktop sharing, online meetings, web conferencing and file transfer between computers.
Teamviewer app code#
If exploited, the flaw could allow remote, unauthenticated attackers to execute code on users’ systems or crack their TeamViewer passwords. Popular remote-support software TeamViewer has patched a high-severity flaw in its desktop app for Windows.