
Fixing critical vulnerabilities in Apache's remote desktop - miles
https://blog.checkpoint.com/2020/07/02/hole-y-guacamole-fixing-critical-vulnerabilities-in-apaches-popular-remote-desktop-gateway/
======
lexicon0
I wonder how many other 5000+ employee companies that develop their own remote
access software have an entire separate redundant system..

~~~
zxcmx
Their unique risk is "our remote access product broke (globally, or
widespread) but we can't fix it because we don't have access anymore...
because we use it too and it's broken".

You can cut off your own arms pretty easily even if you're not the vendor, but
it would look particularly bad for them.

Yeah in theory disciplined updates and testing should resolve the risk, but
sensible to have a fallback.

------
eyalitki
Here is the link to the full technical paper:
[https://research.checkpoint.com/2020/apache-guacamole-rce/](https://research.checkpoint.com/2020/apache-guacamole-rce/)

~~~
llbeansandrice
I didn't realize the tool was called "guacamole". Now the headline makes more
sense.

------
beh9540
I applaud them for using open source software, and contributing back their
findings, but my first thought reading this was "isn't it a little odd a
security appliance vendor who actively markets a "Remote Secure Access" system
doesn't rely on their own systems?" Their website has a whitepaper link on
every page on how your business should use them for remote access.

~~~
spydum
'We chose two different remote access solutions, so in the event of one
failing, we would have redundancy and an alternative to enable work to
continue,” says Fischbein, “One of the solutions was based on open-source
Apache Guacamole'

I suspect you are right that it's just a story telling prop, but they did
address why it might be practical for them to have such a solution in place.

------
iso947
“We don’t trust open source, and for good reason. Now buy our own closed
source product, it’s far better - honest”

