Posted by Community Manager
Community Manager

Reaction to CVE-2018-143333

Hi all,

Data security has top priority for TeamViewer.

We are reviewing the disclosure associated with CVE-2018-143333 and are evaluating the feature to determine if actions are needed.

The scenario described refers to a usability feature that could only be subject to misuse if attackers had previously gained full control over the PC on which the password is cached. At the moment, we do not consider the issue to be critical. 

The underlying feature is available to all users and can be deactivated by unchecking the checkbox Temporarily save connection passwords via the path Extras -> Options -> Advanced -> Advanced settings for connections to other computers.

All the best,

Esther

Community Manager


Did my reply answer your question? Accept it as a solution to help others.
Find this helpful? Say thanks by clicking on the Thumbs Up button. Find more information here: Knowledge Base | Community Blog | How to get started


English Community |  German Community (Deutschsprachig) | Japanese Community (日本語コミュニティ) |  Chinese Community (中文社区) | French Community (Communauté française) |

3 Replies
3 Replies
Posted by Community Manager
Community Manager

UPDATE: Reaction to CVE-2018-143333

Hi all,

I would like to post an update to CVE-2018-143333: 

After thoroughly reviewing the disclosure associated with CVE-2018-143333, we have decided to take a quick measure to improve this feature.

The technical improvement consists of an automated clearance of the cached password from memory after 5 minutes.

The changes to the feature are currently in the customer testing phase and will be available by next week.

Apart from the improvement, users still have the option to disable the feature entirely following the instructions published above- by unchecking the checkbox Temporarily save connection passwords via the path Extras -> Options -> Advanced -> Advanced settings for connections to other computers.

All the best,

Esther

Community Manager


Did my reply answer your question? Accept it as a solution to help others.
Find this helpful? Say thanks by clicking on the Thumbs Up button. Find more information here: Knowledge Base | Community Blog | How to get started


English Community |  German Community (Deutschsprachig) | Japanese Community (日本語コミュニティ) |  Chinese Community (中文社区) | French Community (Communauté française) |

Posted by kkaz
Henagon

Re: UPDATE: Reaction to CVE-2018-143333

we use QS version with proxy, integration with AD. are we also vulnerable to this leak?

Posted by Jana_S
Photon

Re: UPDATE: Reaction to CVE-2018-143333

Hi Esther,

Does the latest update for TeamViewer 12 (12.1.29852) address this vulnerability? 

Thanks,
- Jana