The Clipboard bugginess etc has been pretty well documented when using KLC to control servers - often times I cannot take screen shots because KLC has hijacked my clipboard, etc. We came across a new one today, when two technicians on two different workstations are KLC'ed to the same Server, the clipboard gets shared.
EG my coworker was "pasting" and he got the contents of my workstation clipboard - an amazon link. I see this as a fairly significant security bug. Has anyone else experienced this?
Yep. I raised a ticket months ago. Kaseya refuse to acknowledge this as a bug. LOL They are "working on it" and will "update me" when they get a response from development. That was three months ago.
Yes, it is a known 'feature' and has been for at least a year or so.
Yes. Big security risk. Add it to the list of having a user type their own security question and answer, not properly integrating with 3rd party SAML providers or making partners purchase AuthAnvil to enable 2FA.
To make people more security conscious we consider at a good idea to have a toggle to switch on clipboard sharing if and when you need it. Disabling the clipboard sharing on the client should also wipe the clipboard contents.
Having it on syncs your local clipboard with the machine you're controlling and vice versa. I don't really see how you would prevent accidental sync between two machines controlling the same client. That would require some Microsoft wizardry, that probably isn't available. So, I'm not sure how to blame Kaseya for that. In testing I confirmed that using a Private session doesn't make a difference, Again, that would be nice to have as an option, but I doubt Microsoft has that much control over clipboard usage.