Title | ||
---|---|---|
Absolute pwnage: a short paper about the security risks of remote administration tools |
Abstract | ||
---|---|---|
Many IT departments use remote administration products to configure, monitor, and maintain the systems they manage. These tools can be beneficial in the right hands, but they can also be devastating if attackers exploit them to seize control of machines. As a case study, we analyze the security of a remote administration product called Absolute Manage. We find that the system's communication protocol suffers from serious design flaws and fails to provide adequate integrity, confidentiality, or authentication. Attackers can exploit these vulnerabilities to issue unauthorized commands on client systems and execute arbitrary code with administrator privileges. These blatant vulnerabilities suggest that remote administration tools require increased scrutiny from the security community. We recommend that developers adopt defensive designs that limit the damage attackers can cause if they gain control. |
Year | DOI | Venue |
---|---|---|
2011 | 10.1007/978-3-642-27576-0_6 | Financial Cryptography |
Keywords | Field | DocType |
short paper,remote administration tool,remote administration product,case study,adequate integrity,absolute manage,it department,arbitrary code,administrator privilege,blatant vulnerability,absolute pwnage,security risk,security community | Internet privacy,Authentication,Remote administration,Confidentiality,Computer security,Computer science,Exploit,Heartbeat message,Security community,Vulnerability,Communications protocol | Conference |
Volume | ISSN | Citations |
7035 | 0302-9743 | 1 |
PageRank | References | Authors |
0.45 | 3 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Jay Novak | 1 | 1 | 0.45 |
Jonathan Stribley | 2 | 1 | 0.45 |
Kenneth Meagher | 3 | 1 | 0.45 |
J. Alex Halderman | 4 | 2301 | 149.67 |