Security flaw in Teamviewer

According to evidence found and exploited, there is a vulnerability in the Teamviewer remote access program.

TeamViewer is a remote access software to servers and computers remotely, eliminating the need for a technician to personally and / or physically go to the equipment to make the necessary adjustments.

Although the servers have embedded remote access solutions, many of them need to be enabled and configured on the network to which they are located, such as routers, network equipment, firewall, among others, opening doors until they reach the server, in addition to being very often necessary a fixed IP address, which makes the value of the internet more expensive.
TeamViewer is practical because it bridges the central servers of the software, which interconnect client - client from an external server used only to perform the interconnection between the two bridges, without any firewall configuration.

Of course, there are firewall rules so strict that they can even block TeamViewer, but if there are no exit rules, and only data entry, TeamViewer normally serves, quickly, with just an "ID" code that is an identification equipment, based on physical characteristics and the operating system in which it was installed.

According to the PPLWare website, a website in Portugal, the information was released on December 6th, and other websites confirmed the presence of the security breach, and it is critical.

Immediate updating of the version is recommended, or if companies use older versions, try to disregard their use updated to the latest version that have updated security definitions.

Updated and patched versions already exist that are not affected by the vulnerability.

Bearing in mind that TeamViewer is software considered technically high risk, and should be used only by a computer technician or computer specialist, who understands its risks and natural exposures in controlling equipment and having access to an organization's internal network without the due restrictions and mandatory policies.

More info: 

No comments