{"id":33367,"date":"2024-02-28T01:19:49","date_gmt":"2024-02-28T00:19:49","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=33367"},"modified":"2024-02-28T01:20:48","modified_gmt":"2024-02-28T00:20:48","slug":"teamviewer-password-vulnerability-cve-2024-0819","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2024\/02\/28\/teamviewer-password-vulnerability-cve-2024-0819\/","title":{"rendered":"TeamViewer password vulnerability CVE-2024-0819"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Stop - Pixabay\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/06\/Stop01.jpg\" alt=\"Stop - Pixabay\" width=\"163\" height=\"163\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2024\/02\/28\/teamviewer-passwort-schwachstelle-cve-2024-0819\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]A short warning to readers who still use the TeamViewer remote maintenance software with a \"personal password\". The client for Windows should urgently be updated to version 15.51.5. The manufacturer has published a security notice stating that older software versions only offer incomplete protection of personal password settings. Here are the details you need to know.<\/p>\n<p><!--more--><\/p>\n<p><a href=\"https:\/\/www.teamviewer.com\/\" target=\"_blank\" rel=\"nofollow noopener\">TeamViewer<\/a> is proprietary software for remote access, remote control and remote maintenance of computers and other end devices that was released in 2005. 
I came across the information via the following tweet that TeamViewer has published the security warning <a href=\"https:\/\/www.teamviewer.com\/en\/trust-center\/security-bulletins\/tv-2024-1001\/\" target=\"_blank\" rel=\"noopener\">TV-2024-1001<\/a> (<em>Incomplete protection of personal password settings<\/em>).<\/p>\n<p><img decoding=\"async\" title=\"TeamViewer warning\" src=\"https:\/\/i.postimg.cc\/JncBZchc\/image.png\" alt=\"TeamViewer warning\" \/><\/p>\n<p>The provider TeamViewer warns of the vulnerability <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-0819\" target=\"_blank\" rel=\"noopener\">CVE-2024-0819<\/a> in its remote maintenance client for Windows, Linux and macOS. Because default settings are improperly initialised in the TeamViewer Remote Client prior to version 15.51.5 for Windows, Linux and macOS, a user with low privileges can elevate their privileges. This is possible by changing the setting for the personal password and establishing a remote connection to a logged-in admin account, according to the NIST page.<\/p>\n<p>The vendor is a little more specific and writes that a vulnerability was found in the TeamViewer client prior to version 15.51.5 that could allow an unprivileged user on a multi-user system to set a personal password.<\/p>\n<p>In the TeamViewer client prior to version 15.51.5, access to the personal password setting does not require administrator rights. A low-privileged user on a multi-user system who has access to the client can set a personal password. This may allow an unprivileged user to establish a remote connection to other currently logged-in users on the same system.<\/p>\n<p>The vulnerability has a CVSS 3.0 score of 7.8 (High) and affects all client versions prior to version 15.51.5 that use a personal password. 
The problem has been fixed with version 15.51.5.<\/p>\n<ul>\n<li>TeamViewer Remote Full Client &lt; 15.51.5 <a href=\"https:\/\/www.teamviewer.com\/en\/download\/windows\/\" target=\"_blank\" rel=\"noopener\">Update available<\/a><\/li>\n<li>TeamViewer Remote Host &lt; 15.51.5 <a href=\"https:\/\/www.teamviewer.com\/en\/download\/windows\/\" target=\"_blank\" rel=\"noopener\">Update available<\/a><\/li>\n<\/ul>\n<p>TeamViewer clients with the setting \"Changes require administrative rights on this computer\" activated, or with additional security functions, e.g.:<\/p>\n<ul>\n<li>Password options<\/li>\n<li>Conditional access<\/li>\n<li>BYOC<\/li>\n<li>Block &amp; Allow List<\/li>\n<li>Access control<\/li>\n<li>TFA for connections<\/li>\n<li>One-time password<\/li>\n<\/ul>\n<p>that are active and correctly configured are not affected. TeamViewer recommends the use of Easy Access for unattended access. In combination with two-factor authentication, this protection covers access to the TeamViewer account and any computer that is supported via TeamViewer.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]A short warning to readers who still use the TeamViewer remote maintenance software with a \"personal password\". The client for Windows should urgently be updated to version 15.51.5. 
The manufacturer has published a security notice stating that older software versions &hellip; <a href=\"https:\/\/borncity.com\/win\/2024\/02\/28\/teamviewer-password-vulnerability-cve-2024-0819\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[69,1544],"class_list":["post-33367","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-security","tag-software"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/33367","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=33367"}],"version-history":[{"count":2,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/33367\/revisions"}],"predecessor-version":[{"id":33369,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/33367\/revisions\/33369"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=33367"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=33367"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=33367"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}