CVE-2018-16550
Summary
| CVE | CVE-2018-16550 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-09-05 22:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value of the default 4-digit PIN. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Teamviewer | Teamviewer | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Vahagn Vardanian ⚡️ na Twitterze: "TeamViewer bans your ID if you will try to connect with the wrong password and close the connection 10 times, but if you don't finalization a connection (on the screen "Cancel" button), you can brute 4-digit PIN-code. cmd "C:\PF\TeamViewer\TeamViewer.exe" -i %ID% -P %PIN%… https://t.co/Gntkn7LMzs" | MISC | twitter.com | Issue Tracking, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 590595 VISAM VBASE Editor Multiple Vulnerabilities (ICSA-21-308-01)