Researchers at Check Point have identified security flaws in Apache Guacamole, one of the world’s most popular IT infrastructures for remote work. With over 10 million downloads, the free open-source software enables remote workers to access their company’s computer network from anywhere, by using only a web browser.

Apache Guacamole software

Apache Guacamole runs on many devices, including mobile phones and tablets, giving remote workers ‘constant, world-wide, unfettered access to computers’, according to the software’s creators.

Eyal Itkin, a Vulnerability Researcher at Check Point, demonstrated that a threat actor with access to a computer inside an organisation can execute a Reverse RDP attack: an attack in which a remote PC infected with certain malware takes over the client that tries to connect to it.

Reverse RDP attack

In this case, the Reverse RDP attack would enable a threat actor to take control of the Apache Guacamole gateway that handles all of the remote sessions in a network. Once in control of the gateway, an attacker could eavesdrop on all incoming sessions, record all the login credentials used, and even control other sessions within the organisation.

Check Point researchers say this foothold is equivalent to gaining full control over the entire organisational network. They classified their findings into two attack vectors:

  • Reverse Attack Scenario: A compromised machine inside the corporate network leverages the incoming benign connection to attack the Apache gateway, aiming to take it over.
  • Malicious Worker Scenario: A rogue employee uses a computer inside the network to leverage his hold on both ends of the connection and take control of the gateway.

Data security in remote work operations

Omri Herscovici, Vulnerability Research Team Leader at Check Point, said, “While the global transition to remote work is a necessity, we cannot neglect the security implications of such remote connections, especially as we enter the post-coronavirus era. This research demonstrates how a quick change in the social landscape directly affects what attackers might focus their efforts on. In this case, it’s remote work.”

Omri adds, “The fact that more and more companies have externalised many internally-used services to the outside world opens a number of new potential attack vectors for threat actors. I strongly urge companies and organisations to keep their servers up-to-date to protect their remote workforces.”

Check Point Research responsibly disclosed its findings to The Apache Software Foundation (Apache), the maintainers of Guacamole, on March 31, 2020. On May 12, Apache issued 2 CVE-IDs for the 4 reported vulnerabilities, and it released a patched version in June 2020.
