NetSupport Manager Gateway Security Issue
This document ("634") is provided subject to the disclaimer at the end of this document
This Document is available in the following languages
this document to a colleague

Summary

A Security issue has been identified with the NetSupport HTTP protocol implementation used for communication between the NetSupport Manager Gateway and NetSupport Manager Controls or NetSupport Manager Clients. The Header of some of the NetSupport HTTP packets contained some information in plain text that could be used  to identify information about the client machine. The unencrypted data described the Clients IP Address information, the hardware MAC Address and the logged on users Name.

No Password or security key information was ever transmitted in plain text.

Details

The issue is resolved in NetSupport Manager 11.00.0005 or later. The NetSupport HTTP protocol implementation has been updated and no information is sent in plain text all information is encrypted.

For customers that are concerned by this issue we advise that they update all NetSupport Gateways, Clients and Controls to 11.00.0005 or any later version.

The NetSupport Manager Gateway now has two additional configuration options available on the Security Tab of the Gateway configuration utility these are detailed below

Enable encryption of communications to remote computers
This option is checked by default and enables the encryption of all Header information when communicating with Clients or Controls that are version 11.00.0005 or later. Clients and Controls from previous versions will still be able to communicate however, communications with older versions will contain unencrypted data in the header.

Block any remote computers not using encrypted communications
When checked this option communication from older versions that do not support the enhanced level of encryption will be blocked. Thus any Client or Control prior to version 11.00.0005 will no longer connect to this Gateway.

 

If you require any further assistance please contact NetSupport Technical Support support@netsupportsoftware.com
Applicable Product(s) : NSM 11.30.0000 ,NSM 11.00 ,NSM 10.50 ,NSM 10.30 ,NSM 10.20 ,NSM 10.00 ,NSM 9.60 ,NSM 9.50 ,NSM 9.10 ,NSM 9.00 ,
Applicable Operating System(s) :, Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP
Associated Files :
Date Created : 10-8-2010 00:00:00
Date Modified : 10-8-2010 00:00:00
Revision Number : 1
DISCLAIMER: The origin of this document may be internal or external to NetSupport Ltd. NetSupport Ltd makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. NetSupport Ltd makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners.