Multiple critical reverse RDP vulnerabilities in Apache Guacamole put remote desktops at risk of hacking
Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. Because the Guacamole client is an HTML5 web application, you can access your desktop from anywhere; the use of your computers is not tied to any one device or location. As long as you have access to a web browser, you have access to your machines. Desktops accessed through Guacamole need not physically exist: with both Guacamole and a desktop operating system hosted in the cloud, you can combine the convenience of Guacamole with the resilience and flexibility of cloud computing.
According to research by Check Point, Apache Guacamole was found to be vulnerable to multiple critical flaws that put remote desktops at risk of hacking. A threat actor who exploits these vulnerabilities can gain full control over the Guacamole server and intercept and control all other connected sessions.
We chose two different remote access solutions, so in the event of one failing, we would have redundancy and an alternative to enable work to continue. One of the solutions was based on open-source Apache Guacamole, the popular clientless remote desktop gateway that supports standard protocols like VNC, RDP, and SSH, together with MFA (Multi-Factor Authentication), compliance checks on the BYOD side, and several security controls like IPS, SOC anomaly detections and many more.
said the researcher
According to Check Point, Apache Guacamole has over 10 million Docker downloads worldwide, and the researchers found that some of Guacamole’s ingredients didn’t meet the required security standards. In particular, it was vulnerable to several critical reverse RDP vulnerabilities and was affected by multiple new vulnerabilities found in FreeRDP.
The two attack scenarios discovered by Check Point researchers are:
- Reverse Attack Scenario: A compromised machine inside the corporate network will leverage the incoming benign connection and attack back via the gateway, aiming to take it over.
- Malicious Worker Scenario: A malicious employee, together with his malicious computer inside the network, can leverage his hold on both ends of the connection in order to take over the gateway.
The software company reported the flaws to Apache on 31st March 2020, and the project patched the issues in June 2020. The researchers said that all Guacamole versions released before January 2020 contain the flaws.
If you use Apache Guacamole, it is recommended that you update to the latest version, which includes the patch. For more news on tech and cybersecurity, stay tuned to Android Rookies by subscribing to our newsletter.