TTCSIRT-335.08.19.20: TT-CSIRT ADVISORY- TEAMVIEWER FLAW IN WINDOWS APP ALLOWS PASSWORD-CRACKING

A vulnerability has been discovered in TeamViewer, which could allow for offline password cracking.

TeamViewer is a program used for remote control, desktop sharing, online meetings, web conferencing, and file transfer between systems.

Successful exploitation of this vulnerability could allow an attacker to launch TeamViewer with arbitrary parameters.

The program could be forced to relay an NTLM authentication request to the attacker’s system allowing for offline rainbow table attacks and brute force cracking attempts. These attacks could lead to further exploitation due to stolen credentials from successful exploitation of this vulnerability.

To initiate the attack, the attacker could simply persuade a victim with TeamViewer installed on their system to click on crafted URL in a website – an opportunity for attackers to potentially launch watering-hole attacks.

The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3

Please see the following links for further support and a more comprehensive overview of this vulnerability:

https://threatpost.com/teamviewer-fhigh-severity-flaw-windows-app/158204/
https://www.teamviewer.com/en/support/

The Trinidad and Tobago Cyber Security Incident Response Team (TTCSIRT) encourages users and administrators to review and apply the necessary updates.

If you have any queries or comments with regards to this advisory, please feel free to contact TTCSIRT via contacts@ttcsirt.gov.tt