SecurityWeek

Popular Remote Management Tool Allows Login Without Authentication

A remote management tool used in some enterprises can be exploited by attackers to remotely connect to a host without needing any passwords, according to a Trustwave researcher.

Many organizations use the NetSupport software to remotely manage and connect to PCs and servers from a central location. These systems normally are set up with either Domain or local credentials, and shouldn’t be accessible without the person logging in. However, if the system has NetSupport installed for remote desktop support, it most likely has the default configuration, which allows remote users to connect automatically without authentication, David Kirkpatrick, a principal consultant at Trustwave, wrote in a blog post. The software also leaks detailed information about the device, such as the hostname, version number, and the username.

With NetSupport’s default configuration, anyone can remotely connect to the system and bypass the login prompt altogether, Kirkpatrick said.

Kirkpatrick wrote a script using Nmap to check each endpoint on the network to determine if it has NetSupport installed, and whether it has the default configuration enabled. The script returns “useful NetSupport configuration settings,” such as hostname, username, and the NetSupport version number, among other things, Kirkpatrick said. An attacker could use the same script to search the network for vulnerable systems.

“I could run this script across the network and the clients would be unaware of my testing of their configuration,” Kirkpatrick said. Connecting to the system would be a little bit harder because the original user will see a pop-up on the computer indicating a new user was also connected to the system.

For an attacker to successfully compromise the machine, he or she would first need to have NetSupport Manager software installed, Kirkpatrick told SecurityWeek in an email. That isn’t difficult, as an evaluation copy is available for free. Once connected remotely, the attacker would be able to take over the systems as though he or she had control locally. The attacker could also send commands to the compromised system over the remote desktop connection and retrieve information from a Windows shell, he said. The mouse and keyboard can be shifted to the attacker’s control.

It would be easy to dismiss the research as affecting only insider threats. But the way NetSupport is wide open to abuse means it’s clear the software needs to be secured. The fact that a remote user can access the PC running one NetSupport product means the systems can be entirely compromised.

NetSupport has fixed the information leakage vulnerability in later versions, which always require a password to connect to an endpoint, Kirkpatrick said.

“The lesson here is that greater care should be taken when installing such powerful software that can bypass all your domain security so easily,” Kirkpatrick warned, before adding, “Of course, software providers can help by securing their default installation configurations as well.”
