LoginTC Product Security Advisory
Advisory ID: LTC-PSA-2021-001
Publication Date: 2021-03-12
Status: Confirmed, Fixed
Document Revision: 1
Cyphercor has identified an issue in which it is possible to launch dialogs with deployments that use the LoginTC Windows Logon and RDP Connector (version 1.0.3 and below).
Once a user a has entered valid first factor authentication credentials (username and password) the LoginTC Windows Logon and RDP Connector displays a window for completing a second factor authentication challenge. Through a combination of mouse and keyboard actions it is possible to launch Windows dialogs (Find Dialog, Open Dialog, Browser Dialog, Print Dialog) and subsequently run program in certain cases.
A user with valid first factor authentication credentials (username and password) may be able to launch dialogs (Find Dialog, Open Dialog, Browser Dialog, Print Dialog) prior to performing second factor authentication.
- LoginTC Windows Logon and RDP Connector 1.0.3 and below
Install the LoginTC Windows Logon and RDP Connector version 1.1.0 or later on the Windows host. The latest release can be downloaded from LoginTC Windows Logon and RDP Connector. See LoginTC Windows Logon and RDP Connector Upgrade for upgrade instructions.
Vulnerability Class: CWE-284: Improper Access Control
Remotely Exploitable: Yes
Authentication Required: Yes/Partial (first factor required; second factor bypassed)
CVSSv2 Overall Score: 7.3
CVSSv2 Group Scores: Base: 6.8, Temporal: 5.6, Environmental: 7.3
CVSSv2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:ND/CDP:MH/TD:H/CR:H/IR:L/AR:H
- CWE-284: Improper Access Control – https://cwe.mitre.org/data/definitions/284.html
- Cyphercor discovers issue internally, identifies and implements fix
- Fix is tested and released
- Advisory is drafted, shared with potentially affected LoginTC Business and Enterprise customers
- Cyphercor performs additional testing
Feedback regarding this issue should be sent to firstname.lastname@example.org and contain “LTC-PSA-2021-001” in the subject.