Community
Metadata leakage due to partially unencrypted handshake
Alf Scherer,
User (Posts: 1)
Apr 23, 2021 1:14:15 pm EDT
Support level: Pro
As probably most RU users would not know, currently the handshake between RU-Server and RU-Viewer/Host is not fully encrypted. This leads to metadata leakage.
Leaked metadata on handshake includes, but is not limited to:
- the product version
- protocol version
- the device name
- license information (license key?)
- whether or not an RU agent is running
- whether or not RU is running as admin
- the OS version
- internal IPs
- etc.
To verify my claim, download Wireshark to your RU-Viewer system and capture the traffic on/to port 5655. Now startup the RU Viewer and watch for XML-messages in the captured network stream.
According to support, change for this is coming, but no ETA can be estimated. For me this translates to: this is clearly not a priority to the devs. As I have paid for a Pro-License, I'm really not very amused about this.
What does the community think about this?
Leaked metadata on handshake includes, but is not limited to:
- the product version
- protocol version
- the device name
- license information (license key?)
- whether or not an RU agent is running
- whether or not RU is running as admin
- the OS version
- internal IPs
- etc.
To verify my claim, download Wireshark to your RU-Viewer system and capture the traffic on/to port 5655. Now startup the RU Viewer and watch for XML-messages in the captured network stream.
According to support, change for this is coming, but no ETA can be estimated. For me this translates to: this is clearly not a priority to the devs. As I have paid for a Pro-License, I'm really not very amused about this.
What does the community think about this?
Pauline,
Support (Posts: 2870)
Apr 23, 2021 1:52:33 pm EDT
Hello Alf,
Thank you for your message.
I apologize for the inconvenience, but as I've already mentioned in the ticket, there is, indeed some additional unencrypted metadata transferred between Host and Server or Viewer and Server (only in case of Internet-ID connections), but this data is not related to authentication or remote sessions, so this does not cause any security threats. All data related to authentication or to a remote session is encrypted regardless of the connection type.
However, we do understand your concern - I have forwarded your feedback on this to our developers, so we will try to implement these changes as soon as we can. Sorry once again for the inconvenience.
Please let me know if you have more questions.
Thank you for your message.
I apologize for the inconvenience, but as I've already mentioned in the ticket, there is, indeed some additional unencrypted metadata transferred between Host and Server or Viewer and Server (only in case of Internet-ID connections), but this data is not related to authentication or remote sessions, so this does not cause any security threats. All data related to authentication or to a remote session is encrypted regardless of the connection type.
However, we do understand your concern - I have forwarded your feedback on this to our developers, so we will try to implement these changes as soon as we can. Sorry once again for the inconvenience.
Please let me know if you have more questions.
* Website time zone: America/New_York (UTC -5)