Posted by webking
Photon

Encryption and security of TeamViewer

Hello everybody,

I am performing some comparison among remote management tools based on Windows platform. In particular I am evaulating the security aspects of such software. By using some tracing systems I was able to detect the Registry Hive where TeamViewer stores the permanent password for unattended access and the optional passwords for remote access (Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TeamViewer: MultiPwdMgmtPwdData). 

Now, I would like to understand what is the security process adopted by Teamviewer when dealing with password storage and protection. Within the registry key Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TeamViewer there are a number of keys. Here some questions:

  1. MultiPwdMgmtPwdData seems to be a base64 encoded value. Is that a hashed password? If so, what hash algIt is used? 
  2. Is Windows Data Protection API used to encrypt any of the data among the Registry Keys in Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TeamViewer?
  3. What are PK and SK keys in Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TeamViewer?

Finally, in case I wanted to replace my old permanent password directly on the registry, what would be the operations that should I execute? I would guess: DPAPI_Protect(HASH(clearPassword))).

Regards,

Alberto.

1 Reply
Highlighted
Posted by Senior Moderator Senior Moderator
Senior Moderator

Re: Encryption and security of TeamViewer

Hi Webking,

Thank you for your post.

Unfortunately, we are unable to provide some of the information you requested as this information is sensitive to the security of our software.

We can however provide you with some comments that should address your questions:

  1. This is entry refers to the additional fixed passwords that you set up, the value is SRP protected
  2. The keys are SRP protected.
  3. These keys exist to allow backward compatibility but are not used in later versions.

In regards to your final point, the software will not allow you to change the password with a reg key change or script.

It is only possible to set a password either in the software itself, or by using the import function of a reg file that was created by the TeamViewer export function, external scripts are not possible.

The import/export function can be found in the software under advanced.

I hope this answers this for you.
-Scotty

Senior Moderator
Did my reply answer your question? Why not accept it as a solution to help others?