Verfasste Forenbeiträge

Ansicht von 2 Beiträgen – 1 bis 2 (von insgesamt 2)
  • Autor
    Beiträge
  • als Antwort auf: CVE in SpaceDesk #27390
    danchik
    Gesperrt

    Please, keep calm.

    Firstly I should say that it is not a claims. I just would like to help with the security issues

    Sorry, may be it was a miss communiaction. In the previous post, by „passphrase“ I meant Password Protection, which is already included in the Commercial License.
    Password could solve the problem. Existing Password for connection (like in a Commercial License) protect from outside an unconfirmed connection. So intruder can not connect and execute code (ACE). That is how connected code execution and Password Protection

    In a local networks Intruder could use that vulnerability to gain access for the system with SpaceDesk Driver if Password is not set

    I hope you understand, I created this post out of the best intentions

    als Antwort auf: CVE in SpaceDesk #27385
    danchik
    Gesperrt

    Marcel, thanks for your reply!

    I used an email just to communicate confidentially about that research. Sorry, if that wasn’t the correct way.

    Now I have a question regarding the situation that I mentioned in my email. Are you going to add a passphrase to the Community License? That could save your users from arbitrary code execution vulnerability in SpaceDesk Driver. To make CVE public I must be shure that you already fixed vulnerability or won’t fix it

    Also have a question about Mobile App. Do you need a recomendations or something like that? I can send the Proof-Of-Concept if that needed to fix it.

    Contact me an email if you need proof or any else information, I just would like to help you with that issues.

Ansicht von 2 Beiträgen – 1 bis 2 (von insgesamt 2)