Security Issue - Linux Remote System Doesn't Properly Lock On Disconnect?

Announcements

A new TeamViewer version for Windows has been released. Read the Change Log for 15.7.7 here!

Highlighted
Posted by
Henagon

Security Issue - Linux Remote System Doesn't Properly Lock On Disconnect?

I'm a long-time Windows user who just moved over to Linux. Right out of the gate (unless I'm missing something), there seems to be a pretty big security issue:

*If I connect to a Linux host system from a remote Windows client, then disconnect, the remote Linux system doesn't lock. This is despite the Windows client being explicitly configured as: Extras->Options->Advanced->Lock remote computer=Always. In other words, the software leads you to believe that the remote will should be locked - but it's NOT actually locked. When you disconnect, the Linux machine is left sitting there just logged-in, such that anyone who happens to walk up can now begin using it. And you might not ever know.  Likewise, if your remote connection drops, you might not even have a way to login & manually re-lock the host.

*Related, when connected to the Linux PC, Actions->Lock->Lock on session end is greyed. So it seems like there's no way to even proactively make your connection "safe" - aka to ensure it doesn't ever remain unlocked at the remote destination.

On Windows, hosts don't behave in such an insecure way; as soon as the client drops, whether they explicitly logout or the connection drops, the remote PC locks. This means you can connect from anywhere - i.e. even mobile clients - with confidence that the remote machine won't be left sitting unlocked.

Is there no way to have Linux hosts be the same?

2 Replies
2 Replies
Highlighted
Posted by
Henagon

Re: Security Issue - Linux Remote System Doesn't Properly Lock On Disconnect?

...I reported this 3 weeks ago, still no reply. I tried reporting it directly to TeamViewer, but the Ticket link just redirects me back to this community support. I also tried submitting it to Sales, because it seems to be the only actual way they have to get in touch with them directly - but that was ignored.

Is there no way to report security issues to them which they won't simply ignore...?

Highlighted
Posted by
Henagon

Re: Security Issue - Linux Remote System Doesn't Properly Lock On Disconnect?

Seven weeks, TeamViewer continues to simply ignore/disregard this issue report (both here and submitted directly).  I'm beyond baffled. How on earth do they expect to address issues if there isn't even a proper way to report them?