Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking

mikhomikho AdministratorHosting ProviderOG

A new research has uncovered multiple critical reverse RDP vulnerabilities in Apache Guacamole, a popular remote desktop application used by system administrators to access and manage Windows and Linux machines remotely.

The reported flaws could potentially let bad actors achieve full control over the Guacamole server, intercept, and control all other connected sessions.

According to a report published by Check Point Research and shared with The Hacker News, the flaws grant "an attacker, who has already successfully compromised a computer inside the organization, to launch an attack on the Guacamole gateway when an unsuspecting worker tries to connect to an infected machine."

After the cybersecurity firm responsibly disclosed its findings to Apache, the maintainers of Guacamole, on March 31, the company released a patched version in June 2020.

Thanked by (1)Mason

Comments

  • pinging @Mason

    Thanked by (1)Mason
  • MasonMason AdministratorOG

    @beagle said:
    pinging @Mason

    Thanks for the ping, I'm surprised you remembered that I use this!

    My couple RDP boxes are on my local net, so I suppose I have other things to worry about if any of those systems become compromised :P. Time to patch!

    Head Janitor @ LES • AboutRulesSupportDonate

  • mikhomikho AdministratorHosting ProviderOG

    I remember that someone here or on LET used it, couldn’t remember who.

    Thought if I posted it, the person(s) would eventually find it. :)

    Thanked by (2)Mason vimalware
  • MasonMason AdministratorOG

    @mikho said:
    Thought if I posted it, the person(s) would eventually find it. :)

    Cheers!

    I still think about this damn song every time I see "Guacamole" lol...

    Have a splendid day!

    Thanked by (2)mikho bdl

    Head Janitor @ LES • AboutRulesSupportDonate

  • @Mason said: Thanks for the ping, I'm surprised you remembered that I use this!

    My pleasure. ;-)

    I remembered you mentioned again recently when someone asked about virtual desktop or remote coding.

Sign In or Register to comment.