Friday, March 19, 2010

Love logmein, but big security issue just found.

At TVG we utilize LMI for backup remote access to desktops and servers. Great service for us.
Provides backup access, multiple connections at a time and solid.

LMI just release a MAC Free to Pro trial for 15 days. Sounds good and why not?

ISSUE: ANYONE USING LMI with multiple accounts.
If a user from company A, who only has access to their desktop, nobody else with their GROUP(that you have given them access to), suddenly clicks on the FREE 15 day PRO TRIAL, they can then see ALL OTHER MAC desktops, servers in ALL other groups/companies that are completely separate and isolated.
  • NOT only can they see other MAC's, but they can upgrade ANY MAC they can see in any groups in any company that has MAC's on LMI.
Actual scenario:
  • If you have 40 Companies, some with MACs on LMI with PC's.
  •  Say Company 1 has a MAC user that needs access to their work desktop.
  • The 1 user, clicks on the 15 day trial within their account.
  • Then that 1 MAC user at Company 1 can then see ALL other MAC's in companies 2-40 and UPGRADE their accounts to the PRO trial.
  • Company 1 MAC cannnot access other MAC's, but can SEE them and UPGRADE them.

Again, cannot access them, but see other companies they should never be able to see.

WOW. Frigthening thought. We tested and confirmed.
Called LMI and were in shock and are working on it and agreed not supposed to happen.

Will update ASAP.

If your interested, email to get on alerts that we send out about these updates to client and non-clients.

"The Advil for your IT pains"
computer consultant Burbank, computer consultant 91601, computer consultant north Hollywood, tech support 91601, tech support Santa Monica, Ca computer support Santa Monica, ca, computer consultant woodland hills, Computer support 91620, network consultant 91601, IT consultant Burbank 91601, tech support north Hollywood, small business computer support encino, tech support encino, computer support north Hollywood

No comments:

Post a Comment

Thanks for your thoughts or comments.