Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Data Protection

Popular Remote Management Tool Allows Login Without Authentication

A remote management tool used in some enterprises can be exploited by attackers to remotely connect to a host without needing any passwords, according to a Trustwave researcher.

A remote management tool used in some enterprises can be exploited by attackers to remotely connect to a host without needing any passwords, according to a Trustwave researcher.

Many organizations use the NetSupport software to remotely manage and connect to PCs and servers from a central location. These systems normally are set up with either Domain or local credentials, and shouldn’t be accessible without the person logging in. However, if the system has NetSupport installed for remote desktop support, it most likely has the default configuration, which allows remote users to connect automatically without authentication, David Kirkpatrick, a principal consultant at Trustwave, wrote in a blog post. The software also leaks detailed information about the device, such as the hostname, version number, and the username.

With NetSupport’s default configuration, anyone can remotely connect to the system and bypass the login prompt altogether, Kirkpatrick said.

Kirkpatrick wrote a script using Nmap to check each endpoint on the network to determine if it has NetSupport installed, and whether it has the default configuration enabled. The script returns “useful NetSpport configuration settings,” such as hostname, username, and the NetSupport version number, among other things, Kirkpatrick said. An attacker could use the same script to search the network for vulnerable systems.

“I could run this script across the network and the clients would be unaware of my testing of their configuration,” Kirkpatrick said. Connecting to the system would be a little bit harder because the original user will see a pop-up on the computer indicating a new user was also connected to the system.

For an attacker to successfully compromise the machine, he or she would first need to have NetSupport Manager software installed, Kirkpatrick told SecurityWeek in an email. That isn’t difficult, as an evaluation copy is available for free. Once connected remotely, the attacker would be able to take over the systems as though he or she had control locally. The attacker could also send commands to the compromised system over the remote desktop connection and retrieve information from a Windows shell, he said. The mouse and keyboard can be shifted to the attacker’s control

It’s easier to dismiss the research as one affecting only insider threats. But the way NetSupport is wide open to abuse means its clear the software needs to be secured. The fact that a remote user can access the PC running one NetSupport product means the systems can be entirely compromised.

Advertisement. Scroll to continue reading.

NetSupport has fixed the information leakage vulnerability in later versions to require that passwords are always required to connect to an endpoint, Kirkpatrick said.

“The lesson here is that greater care should be taken when installing such powerful software that can bypass all your domain security so easily,” Kirkpatrick warned, before adding, “Of course, software providers can help by securing their default installation configurations as well.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.