Check Point flags security flaws in remote working software Apache Guacamole

Check Point flags security flaws in remote working software Apache Guacamole
Photo Credit: Pixabay
3 Jul, 2020

Researchers from Tel Aviv-based security solutions firm Check Point said they have identified security flaws in Apache Guacamole, a browser-accessible remote working IT infrastructure with over 10 million docker downloads globally. 

A docker makes it easier to create, deploy and run applications using containers. 

On March 31, the security company alerted Apache Guacamole of two attack vectors that could give hackers “full control over its entire organisational network”, as per a statement. 

The firm, which offers an open source software that allows remote workers to access their company’s network through a browser on smartphones and laptops, said it released a patched version in June to fix the flaws.

“Within 24 hours from the finding and testing, we implemented the security fix and became the first production environment to be secured against this security vulnerability,” Jonathan Fischbein, chief information security officer at Check Point, said in a company blog post. 

Read: Despite enhanced security plans, enterprises’ ability to respond to cyberattacks declines: IBM

One of the attack vectors would have allowed cybercriminals to eavesdrop on remote sessions, gain access to sensitive credentials and control computers in the organisation, it said. The other, discovered by researcher Eyal Itkin, could also allow threat actors to execute a reverse remote desktop protocol (RDP) attack, it added.

A reverse RDP attack is one where a remote computer infected with malware aims to take over a client’s device that tries to connect to it -- much like how a virus spreads. In this particular instance, the reverse RDP attack would enable a threat module in the Apache Guacamole gateway, which handles all the remote sessions in a network.

“This research demonstrates how a quick change in the social landscape directly affects what attackers might focus their efforts on. In this case, it’s remote work,” Omri Herscovici, vulnerability research team leader at Check Point, said.

Read: Govt agency warns against Covid-19 phishing attack that may impact millions 

“We strongly recommend that everyone makes sure that all servers are up-to-date, and that whatever technology used for working from home is fully patched to block such attack attempts,” researcher Itkin added.