Security Alerts blog

Guacamole Open Source Remote Administrative Protocol Session Hijacking

Two CVE’s (2020-9497 and 2020-9498) have been announced in the Apache Guacamole service. Successful exploitation of these vulnerabilities would allow an attacker to hijack a session on the host device or steal credentials.

These vulnerabilities have been highlighted in version 1.1.0 of Guacamole. This version of the software should be updated to the latest version at the time of writing this is version 1.2.0.

If this is not possible the protocol should be removed until a fix is released.

This vulnerability is still waiting for confirmation by the NVD and this post may be updates as new information is available.

Source: The Register    

Risk Crew

Share
Published by
Risk Crew
Tags: July2020
5 years ago

Recent Posts

ISO 42001: Key Insights You Need to KnowISO 42001: Key Insights You Need to Know

ISO 42001: Key Insights You Need to Know

Introducing ISO 42001 – the world’s first international management system standard focused specifically on AI.…

3 months ago
ISO 27001 Requirements | Your Roadmap to ComplianceISO 27001 Requirements | Your Roadmap to Compliance

ISO 27001 Requirements | Your Roadmap to Compliance

Data breaches and cyberattacks have become daily concerns for information security professionals and business leaders.…

3 months ago
DORA | DISCOVERY SESSIONDORA | DISCOVERY SESSION

DORA | DISCOVERY SESSION

5 months ago
DORA Compliance Checklist | GUIDEDORA Compliance Checklist | GUIDE

DORA Compliance Checklist | GUIDE

5 months ago
Essential Red Team KPIs & Metrics | GUIDEEssential Red Team KPIs & Metrics | GUIDE

Essential Red Team KPIs & Metrics | GUIDE

5 months ago
How to Get Ready for a Penetration TestHow to Get Ready for a Penetration Test

How to Get Ready for a Penetration Test

It is an undeniable fact that all applications and infrastructures are essentially in need of…

5 months ago