已创建论坛回复

正在查看 2 个帖子:1-2 (共 2 个帖子)
  • 作者
    帖子
  • 回复至: CVE in SpaceDesk #27390
    danchik
    禁闭

    Please, keep calm.

    Firstly I should say that it is not a claims. I just would like to help with the security issues

    Sorry, may be it was a miss communiaction. In the previous post, by “passphrase” I meant Password Protection, which is already included in the Commercial License.
    Password could solve the problem. Existing Password for connection (like in a Commercial License) protect from outside an unconfirmed connection. So intruder can not connect and execute code (ACE). That is how connected code execution and Password Protection

    In a local networks Intruder could use that vulnerability to gain access for the system with SpaceDesk Driver if Password is not set

    I hope you understand, I created this post out of the best intentions

    回复至: CVE in SpaceDesk #27385
    danchik
    禁闭

    Marcel, thanks for your reply!

    I used an email just to communicate confidentially about that research. Sorry, if that wasn’t the correct way.

    Now I have a question regarding the situation that I mentioned in my email. Are you going to add a passphrase to the Community License? That could save your users from arbitrary code execution vulnerability in SpaceDesk Driver. To make CVE public I must be shure that you already fixed vulnerability or won’t fix it

    Also have a question about Mobile App. Do you need a recomendations or something like that? I can send the Proof-Of-Concept if that needed to fix it.

    Contact me an email if you need proof or any else information, I just would like to help you with that issues.

正在查看 2 个帖子:1-2 (共 2 个帖子)