Full Disclosure mailing list archives
Re: Discussion: Teamviewer "Feature" or "Bug"?
From: Keith I Myers <keithiokepamyers () gmail com>
Date: Thu, 8 May 2014 13:55:25 -0400
Good Afternoon, This sounds more like a feature than a bug as it is present is most "live support" software such as LogMeIn Rescue, Bomgar, etc. Most of these applications have controls to limit clipboard sharing. Some even have restrictions on bidirectional sharing. There are a number of legitimate uses for Shared Clipboards such as sending long URLs, pasting command line arguments and more. In hindsight, techs who use Live Support software should be conscious of what may be contained in their clipboard as it is possible that they could accidentally expose confidential information that they may have previously pasted into an email. On Thu, May 8, 2014 at 5:00 AM, <HHeilemann () meko-s de> wrote:
Hello List, today i remote-controlled a device with teamviewer. This is not very special. But: with me connected was another person (technican) from another company. He did some maintenance work on the device and me i simply followed him. Now, here comes the issue: the technican copies with STRG+C and STRG-V some passes between his client and the managed device. I did nothing, exept opend a notepad on my computer and hit STRG+V several times. Guess what: his clipboard entries was shown in my notepad. So: Is this a Feature or a Security Bug? Mit freundlichen Grüßen, i. A. Heiko Heilemann ----------------------------------------------------------------------------------------- PGP Fingerprint: EA45 F8FE 05AD 2D4B DF29 B14A 80B0 D800 B0B9 D63E PGP Key ID: B0B9D63E ----------------------------------------------------------------------------------------- MEKO-S GmbH Lise-Meitner-Str. 6, 28359 Bremen Telefon: +49 421 388 90 222 Telefax: +49 421 388 90 19 Mail: hheilemann () meko-s de http://www.meko-s.de AG Bremen, HRB 20031 Geschäftsführer: Peter Behrens, Luigi Argentato Ein Unternehmen der Diersch & Schröder Gruppe, Bremen Diese Mail enthält vertrauliche oder rechtlich geschützte Informationen. Wenn Sie nicht der Adressat sind oder diese Mail irrtümlich erhalten haben, informieren Sie bitte den Absender und löschen Sie diese Mail. Das unerlaubte Kopieren oder die Weitergabe der Daten ist nicht gestattet. ------------------------------------ This message may contain confidential or privileged material. Any unauthorized recipient is obliged to contact the sender and delete the message without reading, reviewing, retransmitting or disseminating it. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
-- Keith Myers Mobile : (305) 929-3475 EMail : KeithIokepaMyers () GMail com +Keith I Myers <http://plus.kmyers.me> _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Discussion: Teamviewer "Feature" or "Bug"? HHeilemann (May 08)
- Re: Discussion: Teamviewer "Feature" or "Bug"? Prototype This (May 08)
- Re: Discussion: Teamviewer "Feature" or "Bug"? Keith I Myers (May 08)
- Re: Discussion: Teamviewer "Feature" or "Bug"? Dave Warren (May 08)