Tuesday July 17, 2018

TeamViewer Password Exploit

Do you use TeamViewer to ease access to any of the boxes on your network? If so, this warning over at CVE Search (CVE-2018-14333) is worth a look and certainly the readme on vah13/extractTVpasswords is worth a read. While you would most likely need to be physically at the computer in question, or if system was already compromised in some other way, it is possible to use this TeamViewer password exploit to later gain full control over the system remotely.

News Image

TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88] and "[00 00 00]" delimiters, which might make it easier for attackers to obtain sensitive information by leveraging an unattended workstation on which TeamViewer has disconnected but remains running.