Security News > 2020 > August > TeamViewer Flaw in Windows App Allows Password-Cracking

TeamViewer Flaw in Windows App Allows Password-Cracking
2020-08-10 15:56

Popular remote-support software TeamViewer has patched a high-severity flaw in its desktop app for Windows.

If exploited, the flaw could allow remote, unauthenticated attackers to execute code on users' systems or crack their TeamViewer passwords.

"An attacker could embed a malicious iframe in a website with a crafted URL that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share," according to an advisory by Jeffrey Hofmann, security engineer at Praetorian, who disclosed the flaw.

To initiate the attack, the attacker could simply persuade a victim with TeamViewer installed on their system to click on crafted URL in a website - an opportunity for attackers to potentially launch watering-hole attacks.

After a victim's TeamViewer app initiates the remote SMB share, Windows will then make the connection using NT LAN Manager.


News URL

https://threatpost.com/teamviewer-fhigh-severity-flaw-windows-app/158204/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Teamviewer 3 1 5 8 1 15