[danchik]

Please, keep calm.

Firstly I should say that it is not a claims. I just would like to help with the security issues

Sorry, may be it was a miss communiaction. In the previous post, by “passphrase” I meant Password Protection, which is already included in the Commercial License.
Password could solve the problem. Existing Password for connection (like in a Commercial License) protect from outside an unconfirmed connection. So intruder can not connect and execute code (ACE). That is how connected code execution and Password Protection

In a local networks Intruder could use that vulnerability to gain access for the system with SpaceDesk Driver if Password is not set

I hope you understand, I created this post out of the best intentions

[danchik]

Marcel, thanks for your reply!

I used an email just to communicate confidentially about that research. Sorry, if that wasn’t the correct way.

Now I have a question regarding the situation that I mentioned in my email. Are you going to add a passphrase to the Community License? That could save your users from arbitrary code execution vulnerability in SpaceDesk Driver. To make CVE public I must be shure that you already fixed vulnerability or won’t fix it

Also have a question about Mobile App. Do you need a recomendations or something like that? I can send the Proof-Of-Concept if that needed to fix it.

Contact me an email if you need proof or any else information, I just would like to help you with that issues.

[作者]

帖子