Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking
A new research has uncovered multiple critical reverse RDP vulnerabilities in Apache Guacamole, a popular remote desktop application used by system administrators to access and manage Windows and Linux machines remotely.
The reported flaws could potentially let bad actors achieve full control over the Guacamole server, intercept, and control all other connected sessions.
According to a report published by Check Point Research and shared with The Hacker News, the flaws grant "an attacker, who has already successfully compromised a computer inside the organization, to launch an attack on the Guacamole gateway when an unsuspecting worker tries to connect to an infected machine."
After the cybersecurity firm responsibly disclosed its findings to Apache, the maintainers of Guacamole, on March 31, the company released a patched version in June 2020.
Comments
pinging @Mason
Thanks for the ping, I'm surprised you remembered that I use this!
My couple RDP boxes are on my local net, so I suppose I have other things to worry about if any of those systems become compromised :P. Time to patch!
Humble janitor of LES
Proud papa of YABS
I remember that someone here or on LET used it, couldn’t remember who.
Thought if I posted it, the person(s) would eventually find it.
https://clients.mrvm.net
Cheers!
I still think about this damn song every time I see "Guacamole" lol...
Have a splendid day!
Humble janitor of LES
Proud papa of YABS
My pleasure. ;-)
I remembered you mentioned again recently when someone asked about virtual desktop or remote coding.