CVE-2021-44425 An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3

An attacker can monitor a victim's communications over the software to obtain sensitive information. An attacker could also take control of the victim's software using the same technique.

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. When connecting to a remote AnyDesk tunneled tunnel server, if the server is configured to use an authentication method other than the default, the AnyDesk client does not notify the user that this server does not support the authentication method. An attacker could exploit this issue to access the tunnel server.

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. The AnyDesk Windows client does not properly validate X.509 certificates downloaded from the server, allowing an attacker to create a malicious certificate and sign any arbitrary AnyDesk connection request, to fool the client into thinking that the connection request comes from the server. An attacker could exploit this issue to access the AnyDesk server.

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. When connecting to a remote AnyDesk tunneled tunnel server, if the server is configured to use an authentication method other than the default, the AnyDesk client does not notify the user that this server does not support the authentication method. An attacker could exploit this issue to access the AnyDesk server.

An issue

Products Affected

AnyDesk 6.2.6 and 6.3.x before 6.3.3

Installing AnyDesk on Linux, Mac and Windows

AnyDesk is a free software package that enables users to remotely control other computers. The software provides remote desktop functionality and also allows you to share your screen with another computer.

Simply download the AnyDesk software on your computer, install it, then start it up. On Linux, Mac, or Windows machines, you will be able to connect to any other computer via a secure tunnel connection from the client application. Since the connection is encrypted and secure, you can use this feature for remote support of friends or relatives without fear of revealing too much personal information about yourself.

To access AnyDesk's remote desktop feature on Linux machines, open up your command prompt and type in: "anydesk". To access the same feature on Macs or Windows machines, open up your browser and paste in: "https://mylocalhost/myanydesk".
For more information about installing and using AnyDesk on Windows machines visit http://www.anydesk.com/windows-install/.

Timeline

Published on: 09/12/2022 21:15:00 UTC
Last modified on: 09/16/2022 15:01:00 UTC

References