windows

Remote Command Execution on RemotePC for Windows

During an audit we executed in 2019, we had to test a deployment where a third-party company had to remotely connect to special purpose computers to perform maintenance. At the time, they had chosen a software called RemotePC to remotely login into these special purpose computers rather than relying on RDP. RemotePC is a a remote desktop software that lets a support agent remotely connect to a computer and take control of keyboard, mouse, and screen. It's quite similar to TeamViewer.

Transport security fell into the scope of this specific audit so we covered all communication channels established by RemotePC clients. Turns out RemotePC Windows client does not properly validates SSL certificates, allowing a man-in-the-middle attacker to:

  • capture credentials when user logs in with remotepc account
  • observe the remotely accessed desktop, inject keystrokes and mouse events
  • hijack the auto-update mechanism in order to get the RemotePC client to execute an arbitrary executable, leading to remote command execution

All versions prior to 7.6.26-28/04/20 are vulnerable. We strongly recommend anyone using RemotePC to update to the latest version available at https://www.remotepc.com/download.htm

Subscribe to RSS - windows