A remote administration program installed on student laptops by a Pennsylvania school district and used by numerous companies to manage their computers is even more vulnerable than previously reported.

The LANrev program can be exploited from anywhere on the internet, not just from an attacker on the same local area network as a victim’s computer, according to researchers who say that a second key used by the system is just as insecure as one that was previously disclosed.

Threat Level reported last week that LANrev, also called Absolute Manage, uses a static key to authenticate communication between the client and server. The key is stored in the client-side software and is easily guessed — the programmers hard coded a stanza from a German poem as the key, which is used for every computer on which the software is installed.

Original Article