Security News > 2020 > July > Apache Guacamole Opens Door for Total Control of Remote Footprint

Apache Guacamole, a popular infrastructure for enabling remote working, is vulnerable to a slew of security bugs related to the Remote Desktop Protocol, researchers have warned.

"Once in control of the gateway, an attacker can eavesdrop on all incoming sessions, record all the credentials used, and even start new sessions to control the rest of the computers within the organization," explained Eyal Itkin, researcher from Check Point, in a posting on Thursday.

"While the employee only uses his browser, the Guacamole server selects one of the supported protocols and uses an open-source client to connect to the specific corporate computer. Once connected, the Guacamole server acts as a middle-man that relays the events back and forth while translating them from the chosen protocol to the special 'Guacamole Protocol' and vice versa."

Apache Guacamole is vulnerable to several critical bugs inside its own infrastructure, along with other vulnerabilities found in FreeRDP, according to Check Point.

"In other words, a malicious corporate computer can take control of an unsuspecting FreeRDP client that connects to it.By looking at the released versions of Apache Guacamole, we can see that only version 1.1.0, released at the end of January 2020, added support for the latest FreeRDP version. Knowing that our vulnerabilities in FreeRDP were only patched on version 2.0.0-rc4, this means that all versions that were released before January 2020 are using vulnerable versions of FreeRDP.".

News URL

https://threatpost.com/apache-guacamole-control-remote-footprint/157124/