On 2014-05-08 02:00, HHeilemann@xxxxxxxxx wrote:
today i remote-controlled a device with teamviewer. This is not very special. But: with me connected was another person (technican) from another company. He did some maintenance work on the device and me i simply followed him. Now, here comes the issue: the technican copies with STRG+C and STRG-V some passes between his client and the managed device. I did nothing, exept opend a notepad on my computer and hit STRG+V several times. Guess what: his clipboard entries was shown in my notepad. So: Is this a Feature or a Security Bug?
I'd argue feature, although one that can potentially be exploited if you observe someone copy/paste a password. I've inadvertently captured a user's password with local clipboard monitoring software after TeamViewer, so I can certainly understand the potential risk of information leakage.
On the flip side, this is a *very* useful feature. Ideally it would have a "Share clipboard with remote side? (Yes, no, for this session, always)" dialog the first time someone modifies the clipboard while TeamViewer is being used to give users some level of control.
-- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/