
TeamViewer Password Exploit

FrgMstr

Do you use TeamViewer to ease access to any of the boxes on your network? If so, this warning over at CVE Search is worth a look and certainly the readme on vah13/extractTVpasswords is worth a read. While you would most likely need to be physically at the computer in question, or if the system was already compromised in some other way, it is possible to use this TeamViewer password exploit to later gain full control over the system remotely.
 
In other news another exploit that you can use to gain access to a computer that you already have full access to. Got it.
 
I stopped using TeamViewer after their first exploit popped up and there's been potentially multiple since then.
 
I stopped using TeamViewer after their first exploit popped up and there's been potentially multiple since then.
I have used it a little, but always uninstall it when I am done with it.
 
FWIW: This 'exploit' works on the connecting computer (NOT the computer being connected to) and the only real use for it is when you're trying to reconnect to a computer that you've already been connected to once before and the password on that computer has not changed yet (if you're using random passwords OR using the quicksupport, the passwords change on intervals as well as when closing/opening the client).

I've only had the autofill work about 10 times out of probably hundreds of remote sessions when using TV so I wouldn't call this an earth shattering exploit. (I'm assuming y'all keep your shit on lockdown anyways right?)

Is it a potential issue? Yes. Is it as bad as the issue that happened 2 years ago? Not likely.
 
I have used TeamViewer on parental's machines, for easy remote troubleshooting. It's free, I don't leave it in always on mode, I make them launch it then read me the password over the phone.

However, I have seen this thing on laptops in other people's cages at our colo datacenter... sitting there active and idle waiting for a call. I don't think I would ever trust it for anything important/critical/business related.
 