TeamViewer Windows Credential Harvesting – A New Spin on an Old Trick


Saturday, August 22nd, 2020

CVE-2020-13699 is a high-risk vulnerability in the popular TeamViewer application that remote attackers could exploit to steal system passwords and potentially compromise the system. First discovered by researcher Jeffery Hofmann, the vulnerability is classified as an “Unquoted URI Handler” and could be triggered by tricking victims into visiting malicious websites. These sites would be crafted so that the TeamViewer application initiates a connection to an attacker-owned remote SMB share; the SMB authentication process would then leak the system’s username and the NTLMv2-hashed version of the password to the attackers.

CVE-2020-13699 affects TeamViewer versions 8 through 15.8.2 for the Windows operating system. TeamViewer has released version 15.8.3 to address the issue, and users are advised to update their installed version of TeamViewer. Windows users can download the newest version of TeamViewer here.
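
For defenders who want to check for the "Unquoted URI Handler" class of issue described above, the following is an added example, not code from TeamViewer or from the original article. It flags URL protocol handler commands whose URI placeholder sits outside double quotes; the scheme names and command strings in SAMPLE are constructed, and on Windows the script reads the real handlers from HKEY_CLASSES_ROOT instead.

```python
import re
import sys

# %1, %L and %l are the placeholders Windows replaces with the clicked URI.
PLACEHOLDER = re.compile(r"%[1lL]")

# Constructed sample data: hypothetical scheme names and command strings.
SAMPLE = [
    ("exampleapp", r'"C:\Program Files\Example\app.exe" --open %1'),
    ("examplechat", r'"C:\Program Files\Example\chat.exe" "%1"'),
    ("exampleold", r"C:\Example\old.exe %L"),
]

def unquoted_placeholders(command):
    """Return the URI placeholders in a handler command that sit outside double quotes."""
    found, in_quotes, i = [], False, 0
    while i < len(command):
        if command[i] == '"':
            in_quotes = not in_quotes
        elif not in_quotes and PLACEHOLDER.match(command, i):
            found.append(command[i:i + 2])
        i += 1
    return found

def registered_url_handlers():
    """Windows only: yield (scheme, command) for each HKCR key marked 'URL Protocol'."""
    import winreg
    root, index = winreg.HKEY_CLASSES_ROOT, 0
    while True:
        try:
            scheme = winreg.EnumKey(root, index)
        except OSError:  # no more subkeys
            return
        index += 1
        try:
            with winreg.OpenKey(root, scheme) as key:
                winreg.QueryValueEx(key, "URL Protocol")
            with winreg.OpenKey(root, scheme + r"\shell\open\command") as cmd:
                yield scheme, str(winreg.QueryValueEx(cmd, "")[0])
        except OSError:  # not a URL handler, or no open command
            continue

def audit(handlers):
    """Map each scheme to the unquoted placeholders found in its command."""
    return {s: bad for s, c in handlers if (bad := unquoted_placeholders(c))}

if __name__ == "__main__":
    source = registered_url_handlers() if sys.platform == "win32" else SAMPLE
    print(audit(source))
```

A flagged handler is a prompt to update or re-register the owning application: quoting keeps the URI a single argument, but the application still has to validate what it receives.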
