Possible attack vector?
Just joining together a few threads:
- Apparently you can connect to TeamViewer clients by IP address. It's not restricted to the registered account (by default).
- Apparently TeamViewer sets a less-than-random 4-digit one-time-use password for remote access (by default).
I did not know either of these things. It seems you have to go into the settings to remove the OTUP if you don't want it and enable whitelisting to prevent connections by IP address.
So, if you can somehow get a list of IPs using TeamViewer (using a DNS DDoS, perchance?) and you've semi-cracked the "random" OTUP generator, then you're in.
Does this sound feasible? I'm unconvinced that this is a simple password re-use problem, despite what TeamViewer are claiming.