Authentication vulnerability found in NetSupport PC management software

A person using NetSupport desktop management software may not need a password to connect remotely to another computer using the same application.

David Kirkpatrick, a principal security consultant for Trustwave, discovered the vulnerability while doing penetration testing for a customer using NetSupport. IT departments use the application to take control of employees' PCs, in order to perform maintenance or fix a problem.

After installing the software on his own computer, Kirkpatrick found that the default configuration of the application did not require a password for connecting computers running NetSupport.

Essentially, someone using the software could bypass any domain or local credentials to remotely connect to the PC and compromise it, Kirkpatrick said.

The next question was whether someone could find vulnerable computers on a network. Using NetSupport's scripting language and management tool, Kirkpatrick scanned a test network of computers and was able to find all vulnerable systems.

Kirkpatrick then tested whether someone using a tool other than NetSupport could also find vulnerable computers. He wrote a basic Nmap script and used Wireshark, an open-source packet analyzer, to make an inventory request of computers on the customer's corporate network.

The information returned told Kirkpatrick whether a computer was running a default configuration of NetSupport, as well as the version of the software, the username, the host name of the PC and the encrypted password.

"The information that's returned is the vulnerability, essentially, because all I was doing in my Nmap script was sending the command, get inventory, and I was getting a response," Kirkpatrick said Friday.

Once notified, NetSupport issued a fix, which amounted to requiring a password to connect to a remote computer.

"My Nmap script no longer works, but I haven't been able to determine why that's the case," Kirkpatrick said.

NetSupport could not be reached for comment. Technical details of Kirkpatrick's work are in his Trustwave blog.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags vulnerability disclosuretrustwaveapplication securityAccess control and authenticationsoftware bugsapplication security best practices

More about Trustwave

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

More videos

Blog Posts