Researchers at Check Point have identified security flaws in Apache Guacamole, one of the most widely deployed pieces of IT infrastructure for remote work. With over 10 million downloads, the free, open-source software lets remote workers reach their company's computers from anywhere using only a web browser.

Apache Guacamole software

Apache Guacamole runs on many devices, including mobile phones and tablets, giving remote workers "constant, world-wide, unfettered access to computers", according to the software's creators. Eyal Itkin, a Vulnerability Researcher at Check Point, demonstrated that a threat actor with access to a computer inside an organization can execute a Reverse RDP attack: an attack in which a remote PC infected with malware turns the tables on a client that tries to connect to it, attacking the client through the data the server sends back.

Reverse RDP attack

In this case, the Reverse RDP attack would let a threat actor take control of the Apache Guacamole gateway, which brokers all of the remote sessions in a network. Because the gateway terminates every session on the users' behalf and relays it to their browsers, an attacker controlling it could eavesdrop on all incoming sessions, record every login credential used, and even hijack other users' sessions within the organization. Check Point researchers say this foothold is equivalent to gaining full control over the entire organizational network.

Check Point researchers classified their findings into two attack vectors:

Reverse Attack Scenario: A compromised machine inside the corporate network leverages the incoming, otherwise benign connection from the gateway to attack the Apache Guacamole gateway, aiming to take it over.

Malicious Worker Scenario: A rogue employee uses a computer inside the network, controlling both ends of the connection, to take control of the gateway.
Data security in remote work operations

Omri Herscovici, Vulnerability Research Team Leader at Check Point, said: “While the global transition to remote work is a necessity, we cannot neglect the security implications of such remote connections, especially as we enter the post-coronavirus era. This research demonstrates how a quick change in the social landscape directly affects what attackers might focus their efforts on. In this case, it’s remote work.” Omri adds, “The fact that more and more companies have externalised many internally-used services to the outside world opens a number of new potential attack vectors for threat actors. I strongly urge companies and organizations to keep their servers up-to-date to protect their remote workforces.”

Check Point Research responsibly disclosed its findings to The Apache Software Foundation (Apache), the maintainers of Guacamole, on March 31, 2020. On May 12, Apache assigned two CVE IDs to the four reported vulnerabilities, and released a patched version in June 2020.
Check Point Research, the threat intelligence arm of Check Point Software Technologies Ltd., has announced the creation of a new online vulnerability repository, CPR-Zero. Going forward, Check Point will publicly list all vulnerabilities its research teams find, even those not featured in a publication on the Check Point Research blog. The move makes Check Point the industry's largest cyber security vendor to openly share such information online.

CPR-Zero vulnerability repository

"Not every vulnerability that we find leads to a blog post or publication. In fact, most do not,” said Omri Herscovici, Head of Vulnerability Research at Check Point. "This is why it’s important for us to share our findings using the CPR-Zero platform. The information listed on CPR-Zero will be a priceless resource for citizens and enterprises everywhere to be more informed and vigilant against the latest cyber-security threats.”

CPR-Zero initially launched with over 130 vulnerabilities and will expand to offer a comprehensive library of all vulnerabilities that Check Point's research team has uncovered, both historic and future. CPR-Zero lists CVEs with links and references to the official CVE database. Each entry also contains details of the vulnerability, including a crash dump, a short explanation and, in some cases, a proof of concept (PoC).

Enhanced cyber security

The repository will be continually updated with new discoveries. However, Check Point reserves the right not to publicly disclose major vulnerabilities that may be at high risk of being exploited before patches or updates are widely available.

"Check Point’s mission is to make the online world a safer place to live in. To help us further get there, we are making the bold move to be the largest cyber security company in the industry to share ALL our technical CVE findings with everyone," said Neatsun Ziv, VP of Threat Prevention. “No other cyber security company of our size has taken this step."

Greater customer and enterprise security

Built by some of the most talented and capable experts in the field, CPR-Zero is Check Point's latest initiative in responsibly notifying both consumers and enterprise organizations of new cyber-security risks, as well as encouraging vendors to take the necessary steps to continue to provide a risk-free user experience.