| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 08 May 2014 11:18:03 -0700 From: Dave Warren <davew@...eahit.com> To: fulldisclosure@...lists.org, HHeilemann@...o-s.de Subject: Re: [FD] Discussion: Teamviewer "Feature" or "Bug"? On 2014-05-08 02:00, HHeilemann@...o-s.de wrote: > today i remote-controlled a device with teamviewer. This is not very > special. But: with me connected was another person (technican) from another > company. He did some maintenance work on the device and me i simply > followed him. > > Now, here comes the issue: > the technican copies with STRG+C and STRG-V some passes between his client > and the managed device. > I did nothing, exept opend a notepad on my computer and hit STRG+V several > times. > > Guess what: his clipboard entries was shown in my notepad. > > So: Is this a Feature or a Security Bug? > I'd argue feature, although one that can potentially be exploited if you observe someone copy/paste a password. I've inadvertently captured a user's password with local clipboard monitoring software after TeamViewer, so I can certainly understand the potential risk of information leakage. On the flip side, this is a *very* useful feature. Ideally it would have a "Share clipboard with remote side? (Yes, no, for this session, always)" dialog the first time someone modifies the clipboard while TeamViewer is being used to give users some level of control. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists