|Title:||TeamViewer Password Storage 'teamviewer.exe' Information Disclosure Vulnerability (Windows)|
|Summary:||The host is installed with TeamViewer; Premium is prone to information disclosure vulnerability.|
The host is installed with TeamViewer
Premium is prone to information disclosure vulnerability.
The flaw is due to TeamViewer stores a
password in Unicode format within TeamViewer.exe process memory between
'[00 88]' and '[00 00 00]' delimiters, which allows attackers to obtain
sensitive information by leveraging an unattended workstation on which
TeamViewer has disconnected but remains running.
Successful exploitation would allow attackers
to obtain sensitive information
TeamViewer versions through 13.1.1548 on Windows.
As a workaround disable the underlying feature by unchecking the checkbox
Temporarily save connection passwords via the path Extras -> Options -> Advanced -> Advanced settings for
connections to other computers.
Common Vulnerability Exposure (CVE) ID: CVE-2018-14333|
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 73533 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.