Google Project Zero researcher Tavis Ormandy has discovered another security issue in Comodo Internet Security’s software. This is the second significant security flaw he has discovered this month. When users install Comodo, the default configuration loads a tech support application called GeekBuddy, which installs a VNC server with an insecure default password.
“This is an obvious and ridiculous local privilege escalation, which apparently Comodo believe they have resolved by generating a password instead of leaving it blank,” wrote Ormandy, in a Google security blog post. “That is not the case, as the password is simply the first 8 characters of SHA1(Disk.Caption+Disk.Signature+Disk.SerialNumber+Disk.TotalTracks). I imagine Comodo thought nobody would bother checking how they generated the password, because this clearly doesn’t prevent the attack they claim it solved.”
Once the GeekBuddy default password is cracked, local privilege escalation is available to unprivileged users. Until last May, the GeekBuddy application required no password.
The issue follows another Comodo security issue discovered by Ormandy. When customers installed Comodo, the default setting led to installation of the Chromodo browser and replaced Chrome settings and cookies with Chromodo links.