lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 8 May 2014 11:00:29 +0200
From: HHeilemann@...o-s.de
To: fulldisclosure@...lists.org
Subject: [FD] Discussion: Teamviewer "Feature" or "Bug"?


Hello List,

today i remote-controlled a device with teamviewer. This is not very
special. But: with me connected was another person (technican) from another
company. He did some maintenance work on the device and me i simply
followed him.

Now, here comes the issue:
the technican copies with STRG+C and STRG-V some passes between his client
and the managed device.
I did nothing, exept opend a notepad on my computer and hit STRG+V several
times.

Guess what: his clipboard entries was shown in my notepad.

So: Is this a Feature or a Security Bug?



Mit freundlichen Grüßen,
i. A. Heiko Heilemann

-----------------------------------------------------------------------------------------

PGP Fingerprint:
EA45 F8FE 05AD 2D4B DF29  B14A 80B0 D800 B0B9 D63E

PGP Key ID: B0B9D63E
-----------------------------------------------------------------------------------------


MEKO-S GmbH
Lise-Meitner-Str. 6, 28359 Bremen
Telefon:       +49 421 388 90 222
Telefax:       +49 421 388 90 19

Mail: hheilemann@...o-s.de
http://www.meko-s.de

AG Bremen, HRB 20031
Geschäftsführer:
Peter Behrens, Luigi Argentato
Ein Unternehmen der Diersch & Schröder Gruppe, Bremen


Diese Mail enthält vertrauliche oder rechtlich geschützte
Informationen. Wenn Sie nicht der Adressat sind oder diese Mail
irrtümlich erhalten haben, informieren Sie bitte den Absender
und löschen Sie diese Mail.
Das unerlaubte Kopieren oder die
Weitergabe der Daten ist nicht gestattet.

------------------------------------
This message may contain confidential or privileged material.
Any unauthorized recipient is obliged to contact the sender and
delete the message without reading, reviewing, retransmitting or
disseminating it.


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists