Main Vulnerability Database SB2018090623

SB2018090623 - Improper control of interaction frequency in TeamViewer

Published: September 6, 2018 Updated: November 7, 2019

Security Bulletin ID SB2018090623

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper control of interaction frequency (CVE-ID: CVE-2018-16550)

The vulnerability allows a remote attacker to perform a brute-force attack on the target system.

The vulnerability exists due to the application does not implement sufficient measures to prevent multiple failed authentication attempts. A remote attacker can bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value of the default 4-digit PIN.

Remediation

Install update from vendor's website.

References

https://twitter.com/vah_13/status/1036894081350291457