
Check Point Research Finds Security Flaws in Apache’s Remote Desktop Gateway

Check Point researchers have found security flaws in one of the world’s most popular IT infrastructures for remote work. Through the vulnerabilities, threat actors could eavesdrop on remote sessions, record credentials used, and control computers within the organization.

Vulnerabilities were found in Apache Guacamole, a free and open-source software package with over 10 million downloads. Two attack vectors apply, which researchers say lead to "full control over the entire organizational network".
The security flaws are now fixed; researchers urge organizations everywhere to update their corporate servers now.

Researchers at Check Point identified security flaws in Apache Guacamole, one of the world's most popular IT infrastructures for remote work. With over 10 million downloads, the free and open-source software enables remote workers to access their

Eyal Itkin, a Vulnerability Researcher at Check Point, demonstrated that a threat actor with access to a computer inside an organization can execute a Reverse RDP attack, an attack in which a remote PC infected with certain malware takes over a client that tries to connect to it. In this case, the Reverse RDP attack would enable a threat actor to take control of the Apache Guacamole gateway that handles all of the remote sessions in a network.

Once in control of the gateway, an attacker could eavesdrop on all incoming sessions, record all the credentials used, and even control other sessions within the organization. Researchers say this foothold is equivalent to gaining full control over the entire organizational network.

Two Attack Vectors

Check Point researchers classified their findings into two attack vectors:

Reverse Attack Scenario: A compromised machine inside the corporate network leverages the incoming benign connection to attack the Apache gateway, aiming to take it over.
Malicious Worker Scenario: A rogue employee uses a computer inside the network to leverage his hold on both ends of the connection and take control of the gateway.

"The fact that more and more companies have externalized many internally-used services to the outside world opens a number of new potential attack surfaces for threat actors. I strongly urge companies and organizations to keep their servers up-to-date to protect their remote workforces."
