
Cloud Vulnerability DB
A community-led vulnerabilities database
TeamViewer Desktop through version 14.7.1965 contains a security vulnerability (CVE-2019-18988) that allows bypass of remote-login access control. The vulnerability exists because TeamViewer used the same AES key for all installations since at least version 7.0.43148, particularly for encrypting OptionsPasswordAES in the registry (CISA KEV, AttackerKB).
The vulnerability stems from TeamViewer using a shared AES-128-CBC encryption key (0602000000a400005253413100040000) and initialization vector (0100010067244F436E6762F25EA8D704) across all installations to encrypt sensitive information stored in the Windows registry. This includes the client settings password, proxy passwords, and in older versions, the Unattended Access password (WhyNotSecurity, TeamViewer Security).
If an attacker knows the shared encryption key, they can decrypt protected information stored in the registry or configuration files. For versions before TeamViewer 9.x, this allowed attackers to decrypt the Unattended Access password, enabling remote login and headless file browsing. While newer versions changed how the Unattended Access password is stored, the vulnerability still affects other encrypted registry values (TeamViewer Security).
TeamViewer's security engineers worked on improving the encryption for data points that need to be available on the local system and limiting the use of local registry keys. The company emphasized that TeamViewer account passwords are not affected as they use Secure Remote Password (SRP) for account authentication (TeamViewer Security).
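A triage sketch for the exposure described above, added here as an example and not taken from the page's sources or from TeamViewer: it takes an installed version and the text of a `reg export` file, applies the version bounds stated on this page, and lists registry values that look AES-encrypted by reporting their byte length only. Treating any hex value whose name ends in `AES` as a candidate is an assumption generalized from `OptionsPasswordAES`; the key path, the `ExampleSettingAES` name and all sample bytes are constructed.

```python
import re

LAST_AFFECTED = (14, 7, 1965)  # "through version 14.7.1965" (from the page)

# Constructed sample of `reg export` output. The key path is a placeholder and
# the hex bytes are made up; "ExampleSettingAES" is a hypothetical value name.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\PLACEHOLDER\TeamViewer]
"OptionsPasswordAES"=hex:00,11,22,33,44,55,66,77,88,99,aa,bb,cc,dd,ee,ff,\
  10,21,32,43,54,65,76,87,98,a9,ba,cb,dc,ed,fe,0f
"ExampleSettingAES"=hex:01,02,03,04,05,06,07,08,09,0a,0b,0c,0d,0e,0f,10
"Always_Online"=dword:00000001
'''

def parse_version(text):
    """'14.7.1965' -> (14, 7, 1965); raises ValueError on malformed input."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 3:
        raise ValueError(f"expected major.minor.build, got {text!r}")
    return parts

def aes_values(reg_text):
    """Return {value name: byte count} for hex values whose name ends in 'AES'.
    The suffix match is an assumption; only lengths are returned, so the
    audit output never carries the stored ciphertext itself."""
    joined = re.sub(r"\\\r?\n\s*", "", reg_text)  # undo .reg line continuations
    found = {}
    pattern = r'^"([^"]+AES)"=hex:([0-9a-fA-F,]*)\s*$'
    for name, data in re.findall(pattern, joined, re.M):
        found[name] = len([b for b in data.split(",") if b])
    return found

def audit(version, reg_text):
    v = parse_version(version)
    affected = v <= LAST_AFFECTED
    return {
        "affected": affected,
        # Page: before 9.x the Unattended Access password was also decryptable.
        "unattended_access_password_exposed": affected and v[0] < 9,
        "aes_values": aes_values(reg_text),
    }

if __name__ == "__main__":
    print(audit("14.2.8352", SAMPLE_REG))
```

Secrets behind any value listed for an affected host are candidates for review once the client is upgraded.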
Source: This report was generated using AI