TEAMVIEWER VULNERABILITY COULD ALLOW OFFLINE PASSWORD CRACKING
Successful exploitation of this high-risk vulnerability could allow a remote attacker to crack users’ passwords and, consequently, lead to further system exploitation. This vulnerability impacts government entities as well as large, medium and small businesses.
TeamViewer is an application used for remote control, desktop sharing, online meetings, web conferencing and file transfer between systems.
This vulnerability is due to the program not properly quoting its custom Uniform Resource Identifier (URI) handlers and could be exploited when the system visits a malicious website. An attacker could include a malicious iframe in a website with a crafted URL that would launch the TeamViewer desktop client and force it to open a remote SMB share. Windows will then send an NTLM authentication request to the attacker’s system, allowing for offline rainbow table attacks and brute force cracking attempts.
CERT.be recommends that system administrators update their software to the most recent version available (at least version 15.8.4).
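For hosts that cannot be updated immediately, the SMB connection described above can be hunted for in endpoint network telemetry. The following is an added example, not part of the original advisory: it flags outbound SMB connections made by the TeamViewer client to addresses outside the internal network. The record layout (Sysmon Event ID 3 style fields exported as JSON lines), the process name TeamViewer.exe, the internal ranges and all sample hosts and addresses are assumptions constructed for illustration.

```python
import ipaddress
import json
from pathlib import PureWindowsPath

# Assumption: address ranges this site treats as internal. Adjust per network.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMB_PORTS = {139, 445}           # NetBIOS session service and SMB over TCP
CLIENT_IMAGE = "teamviewer.exe"  # assumed name of the desktop client binary

# Constructed sample records (one JSON object per line); not real telemetry.
SAMPLE_EVENTS = r"""
{"Computer": "ws-014", "Image": "C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe", "DestinationIp": "203.0.113.45", "DestinationPort": 445}
{"Computer": "ws-014", "Image": "C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe", "DestinationIp": "198.51.100.7", "DestinationPort": 5938}
{"Computer": "ws-022", "Image": "C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe", "DestinationIp": "10.0.5.20", "DestinationPort": 445}
{"Computer": "ws-031", "Image": "System", "DestinationIp": "10.0.5.20", "DestinationPort": 445}
{"Computer": "ws-031", "Image": "C:\\Windows\\explorer.exe", "DestinationIp": "203.0.113.45", "DestinationPort": 445}
"""


def is_external(addr):
    """True when the destination is outside every configured internal range."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)


def suspicious_smb_from_teamviewer(json_lines):
    """Return (host, destination, port) for each SMB connection that the
    TeamViewer client opened to an external address."""
    hits = []
    for line in json_lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        image = PureWindowsPath(event["Image"]).name.lower()
        port = int(event["DestinationPort"])
        if (image == CLIENT_IMAGE and port in SMB_PORTS
                and is_external(event["DestinationIp"])):
            hits.append((event["Computer"], event["DestinationIp"], port))
    return hits


if __name__ == "__main__":
    for host, dst, port in suspicious_smb_from_teamviewer(SAMPLE_EVENTS):
        print(f"{host}: TeamViewer client opened SMB to external {dst}:{port}")
```

Blocking outbound TCP 139 and 445 at the network perimeter removes the path this rule watches for, so a hit also indicates a gap in egress filtering.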