Statement on recent brute-force research

Announcements

TeamViewer 14 - Preview has been released! Download here

Posted by Community Manager
Community Manager

Statement on recent brute-force research

Dear TeamViewer Community,

We are aware of the brute-force vulnerability that was brought to our attention by a security researcher. Data security has top priority at TeamViewer. Therefore, we are currently evaluating this case and will inform our users as soon as we have an appropriate solution.

For the time being, users can strengthen their passwords by going to Extras | Options | Security | password strength and select a password strength of 6 characters and above.

Please find out more about setting up strong passwords on our community : All about passwords. As with every software, our recommendation is to have strong passwords to protect your devices.

Best regards,

Esther

Community Manager


Did my reply answer your question? Accept it as a solution to help others.
Find this helpful? Say thanks by clicking on the Thumbs Up button.


 


Additional information can be found here: Knowledge Base | Community Blog | How to get started 

Japanese Community (日本語コミュニティ) |  Chinese Community (中文社区)

1 Accepted Solution

Accepted Solutions
Highlighted
Posted by Senior Moderator Senior Moderator
Senior Moderator
Solution

Re: Statement on recent brute-force research

Hi everyone,

A patch for the issue is currently being rolled out for TV13 and an expanding range of legacy versions. To trigger the update, open TeamViewer and click on “help > check for new version”.

On a side note, and to adapt to nowadays technological reality, we changed the default password setting from 4 to 6 characters. Users will still be able to use a 4 digit password, however they will have to proactively reduce the password strength.

All the best,
-Scotty

Senior Moderator
Did my reply answer your question? Why not accept it as a solution to help others?
3 Replies
6 Replies
Posted by rdubois
Photon

Re: Statement on recent brute-force research

Dear,

Is there an update regarding this potential vulnerability ? Is it confirmed ?

regards,

R. Dubois

Posted by Community Manager
Community Manager

Re: Statement on recent brute-force research

Hi @rdubois

We are working on a solution which will be provided soon.

There is an option to avoid this by default and we recommend this in the meantime. 

Please find out more about setting up strong passwords on our community : All about passwords. As with every software, our recommendation is to have strong passwords to protect your devices.

Best, Esther

Community Manager


Did my reply answer your question? Accept it as a solution to help others.
Find this helpful? Say thanks by clicking on the Thumbs Up button.


 


Additional information can be found here: Knowledge Base | Community Blog | How to get started 

Japanese Community (日本語コミュニティ) |  Chinese Community (中文社区)

Highlighted
Posted by Senior Moderator Senior Moderator
Senior Moderator
Solution

Re: Statement on recent brute-force research

Hi everyone,

A patch for the issue is currently being rolled out for TV13 and an expanding range of legacy versions. To trigger the update, open TeamViewer and click on “help > check for new version”.

On a side note, and to adapt to nowadays technological reality, we changed the default password setting from 4 to 6 characters. Users will still be able to use a 4 digit password, however they will have to proactively reduce the password strength.

All the best,
-Scotty

Senior Moderator
Did my reply answer your question? Why not accept it as a solution to help others?
3 Replies
Posted by kjulson
Henagon

Re: Statement on recent brute-force research

There seems to be a big disconnect on who you think your users are Scotty. "To trigger the update, open TeamViewer and click on “help > check for new version”." Do you really think that is the best upgrade option for businesses with hundreds of installations?

Also, you are assuming that everyone is on version 13. Any previous version performing your suggested "upgrade method" will install version 13 which they are not licensed for. Now they cannot connect to their remote systems. Obviously not much thought was given on the content of this post.

How about we do this a little more professionally and give links to download the various versions?

Posted by Community Manager
Community Manager

Re: Statement on recent brute-force research

Hi all,

we enabled the auto-update for the most recent TeamViewer update which includes the patch for the issue.

The update will be installed automatically on all TeamViewer clients which have the auto-update enabled under Extras --> Options --> Advanced --> Show advanced options --> Check for new versions: Daily and Install new versions automatically --> Updates within this major version or All updates.

Please be aware that the auto-update might take a few days until it reaches all clients.

We are working on further extending the fix as much as we can.

Thanks and all the best, Esther

Community Manager


Did my reply answer your question? Accept it as a solution to help others.
Find this helpful? Say thanks by clicking on the Thumbs Up button.


 


Additional information can be found here: Knowledge Base | Community Blog | How to get started 

Japanese Community (日本語コミュニティ) |  Chinese Community (中文社区)

Posted by thop
Electron

Re: Statement on recent brute-force research

Hi Esther

 

Our user network have installed version 7 TeamViewer clients using the custom module, ie. with our logo and provides a simplified interface.

The simplified interface does not provide a 'check for updates' option.

Does it have any auto-update facility built in?

If not, is our only means to contact our user base and ask them to manually update their software?

Many thanks for your help

Kind regards

Tom