TeamViewer Linux – Deletion command not properly executed after process crash
A bug has been found in TeamViewer for Linux before 15.28, that could result in an inadvertent re-use of a previously used connection password after a process crash. The bug has been fixed with version 15.28. We recommend updating your Linux client installations at the earliest convenience.
2. Vulnerability Details
|Description||TeamViewer Linux versions before 15.28 did not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password. We do not have any indication of active exploitation.|
|CVSS3.0 Score||Base Score 6.3 (medium)|
|CVSS3.0 Vector String||CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H|
3. Affected products & versions
|TeamViewer for Linux||V. 15.27 and lower||UPDATE AVAILABLE|
4. Solutions & mitigations
Update to the latest version (15.28 or higher)
5. Additional Resources
For users leveraging passwordless authentication (“Easy Access”) and/or MFA for connections the issue is not exploitable.
We thank Weaponshotgun & WildZarek very much for their research and responsible disclosure.