11 August 2020

TeamViewer vulnerability could allow hackers to obtain system password


The team behind TeamViewer, a popular software application for remote support, remote access, and online meetings, has released an update to address a high-risk vulnerability that could allow attackers to steal the system password and eventually compromise the system.

The vulnerability, tracked as CVE-2020-13699, exists due to the way TeamViewer quotes its custom URI handlers, which could allow an attacker to force the software to relay an NTLM authentication request to the attacker's system. Simply put, an attacker can use the issue in TeamViewer's URI scheme to trick the application installed on the victim's system into initiating a connection to an attacker-controlled remote SMB share. To do this, the attacker needs to create a malicious web page and trick the user into visiting it.

“An attacker could embed a malicious iframe in a website with a crafted URL that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking),” according to Jeffrey Hofmann, a security engineer at Praetorian, who found the flaw.

The issue affects the URI handlers teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1.

TeamViewer versions 8 through 15 (up to 15.8.2) for the Windows platform are impacted. The flaw was fixed by quoting the parameters passed by the affected URI handlers.
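
To check whether a Windows host still carries the unquoted form, the following audit script (an added example, not code from TeamViewer or Praetorian) reads the registered command for each handler named above and flags any whose argument placeholder sits outside double quotes. It assumes the handlers are registered in the standard Windows location `HKEY_CLASSES_ROOT\<scheme>\shell\open\command`; the function name `Test-UnquotedPlaceholder` and the sample command strings are constructed for illustration.

```powershell
# Handler names as listed in the article.
$handlers = 'teamviewer10','teamviewer8','teamviewerapi','tvchat1','tvcontrol1',
            'tvfiletransfer1','tvjoinv8','tvpresent1','tvsendfile1',
            'tvsqcustomer1','tvsqsupport1','tvvideocall1','tvvpn1'

function Test-UnquotedPlaceholder {
    # Returns $true when a %1..%9, %L or %* placeholder appears outside
    # double quotes in a shell\open\command string.
    param([string]$Command)
    $inQuotes = $false
    for ($i = 0; $i -lt $Command.Length; $i++) {
        $c = $Command[$i]
        if ($c -eq '"') { $inQuotes = -not $inQuotes; continue }
        if ($c -eq '%' -and -not $inQuotes -and ($i + 1) -lt $Command.Length) {
            if ([string]$Command[$i + 1] -match '^[1-9L*]$') { return $true }
        }
    }
    return $false
}

# Audit the local machine: one result object per registered handler.
foreach ($h in $handlers) {
    $key = "Registry::HKEY_CLASSES_ROOT\$h\shell\open\command"
    if (-not (Test-Path -LiteralPath $key)) { continue }   # handler not installed
    $cmd = (Get-Item -LiteralPath $key).GetValue('')       # default value = command line
    [pscustomobject]@{
        Handler          = $h
        Command          = $cmd
        UnquotedArgument = Test-UnquotedPlaceholder $cmd
    }
}

# Constructed samples (not TeamViewer's real registry values) to exercise the check offline:
Test-UnquotedPlaceholder '"C:\Example\app.exe" --open %1'    # placeholder left bare
Test-UnquotedPlaceholder '"C:\Example\app.exe" --open "%1"'  # placeholder inside quotes
```

A handler reported with `UnquotedArgument` set to `True` warrants a check of the installed TeamViewer version against the affected range given above.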
