• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

TeamViewer Flaw Challenges Password Exposure

You are here: Home / General Cyber Security News / TeamViewer Flaw Challenges Password Exposure
August 24, 2020

A vulnerability in the TeamViewer app could allow destructive actors to steal passwords. 

The substantial-severity flaw was found out in the desktop edition of the app for Windows in advance of 15.8.3. By exploiting the weakness, authenticated menace actors operating remotely could execute code on victims’ methods or crack their TeamViewer passwords. 

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


TeamViewer is a proprietary software software that enables users to control a selection of sensible devices remotely to carry out functions like file transfers, desktop sharing, and web conferencing. 

As a final result of flaw CVE-2020-13699, TeamViewer Desktop for Windows does not adequately quote its custom URI handlers. Because of this, an attacker could power a sufferer to mail an NTLM authentication request and possibly relay the ask for or seize the hash for offline password cracking. 

Victims could also be persuaded to go to a particular web page established up by threat actors to steal credentials or individual info.

The flaw’s discoverer, security engineer at Praetorian Jeffrey Hofmann, described: “An attacker could embed a malicious iframe in a web page with a crafted URL that would start the TeamViewer Windows desktop client and drive it to open up a distant SMB share.” 

In accordance to Hofmann, most web browsers are set up to stop attacks like this from occurring.

He said: “Every contemporary browser other than for Firefox URL encodes spaces when handing off to URI handlers which proficiently helps prevent this attack.”

TeamViewer versions prior to 15.8.3 are susceptible to the flaw, which has been mounted in the hottest launch. 

Andy Harcup, VP, Absolute Program, commented: “Security flaws in sure program and applications will often be located and exploited by opportunistic cyber attackers, and this newest revelation could most likely effects thousands and thousands of Windows users.”

Harcup advised providers to guard their running process by retaining up with the hottest security updates. 

“For consumers to make sure that they are saved risk-free from the influx of cyber-attacks now dealing with them, the IT operations workforce need to make certain their devices are held up-to-day, whilst training their staff to simultaneously maintain a superior level of on the internet vigilance and recognition toward internet basic safety protocol. It is important for enterprises to continue to keep the running system up to day with the hottest security updates in buy to assure greatest security.”

Previous Post: «Cyber Security News US Can make 2nd Espionage Arrest in a Week
Next Post: Hacker Disrupts North Carolina College Lesson Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • NightEagle APT Exploits Microsoft Exchange Flaw to Target China’s Military and Tech Sectors
  • Your AI Agents Might Be Leaking Data — Watch this Webinar to Learn How to Stop It
  • Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros
  • Google Ordered to Pay $314M for Misusing Android Users’ Cellular Data Without Permission
  • Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams
  • Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets
  • The Hidden Weaknesses in AI SOC Tools that No One Talks About
  • Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms
  • Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials
  • North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

Copyright © TheCyberSecurity.News, All Rights Reserved.