Our Microsoft Defender Endpoint reported vulnerabilities in Openssl for the following GoToAssist agent files. I asked GoToAssist support but they don't have an estimated time frame of resolution. Should we find other remote tool? c:\program files\goto\gotoassist agent desktop console\libssl-3-x64.dllc:\program files\goto\gotoassist agent desktop console\libcrypto-3-x64.dll Associated CVEs (Severity): CVE-2023-2650 (High), CVE-2023-4807 (High), CVE-2023-0464 (Medium), CVE-2023-6129 (Medium), CVE-2023-2975 (Medium), CVE-2023-5363 (Medium).

Thank you for the good news. I will wait it.

What version of agent(s) are you on? I have both V4 and V5 installed and I do not have the directory: c:\program files\goto . On my Win 10 computer, the DLL files you listed are stored at AppData\Local\Programs\LogMeIn\GoToAssist Agent Desktop Console

Download Windows 64-bit version from https://help.gotoassist.com/remote-support/help/gotoassist-remote-support-agent-desktop-console-beta

Was already on 64-bit version of V5 desktop, version 5.9.1.101 Downloaded from your link and reinstalled 64-bit version. Same version appeared: 5.9.1.101. None of the two DLL files you listed are located at c:\program files\goto\gotoassist agent desktop console. This directory does not exist on my end. Still located at: AppData\Local\Programs\LogMeIn\GoToAssist Agent Desktop Console

Hi IBUS Welcome to the GoTo Community. Kaz111 great to see you and thanks for your help here. Our team is currently evaluating this and we will post an update as soon as we learn more on the situation. Thanks very much for your patience and reports.

GoToAssist Agent Vulnerabilities

14 Replies

GlennD
GoTo Manager
4 months ago
Hi CRBigBusTours, welcome to the community.

Yes, GoToAssist Remote Support v4.8.0.1712 that was released in October 2024 included an update to OpenSSL v3.0.14 The latest release of GoToAssist Remote Support v4 is v4.8.0.1716 which was released in December 2024
CRBigBusTours
New Member
4 months ago
Hi GlennD,
We're trying to tackle a ton of OpenSSL vulnerabilities and GTA is one of our biggest hitters. Do you know if this has been patched to v3.0.14?
Thanks
DaveK153
New Contributor
11 months ago
Great - thank you Glenn!
GlennD
GoTo Manager
11 months ago
Hi DaveK153, welcome to the community.

The current status is GTA v5 is using v3.0.13 of OpenSSL and our team will be updating to v3.0.14 as soon as possible after it is released. It appears OpenSSL sees this as a low severity https://www.openssl.org/news/secadv/20240408.txt
DaveK153
New Contributor
11 months ago
Has this issue been resolved yet in terms of release of new client with updated OpenSSL?? We are getting OpenSSL vulnerabilities scores in MS Defender and they all seem to be related to the unassisted client.
IBUS
Active Contributor
2 years ago
Thank you for the good news. I will wait it.
GlennD
GoTo Manager
2 years ago
Hi IBUS, welcome to the community.

I can confirm that we have an update to GoToAssist Remote Support v5 coming that will update the version of OpenSSL being used (final release date still to be confirmed).

With GoToAssist Remote Support v4 I am waiting for some final details, but my understanding is that because we accepts TLS v1-2 on the server side this is not a concern.
IBUS
Active Contributor
2 years ago
There is no LogMeIn folder under my AppData\Local\Programs
Kaz111
Active Contributor
2 years ago
Interesting. I wonder why the difference in installation and file location between Win 10 (Pro in my case) vs. your Win 11??? Do you have anything under: AppData\Local\Programs\LogMeIn\GoToAssist Agent Desktop Console
IBUS
Active Contributor
2 years ago
I downloaded 64-bit version (G2AAgentDesktopConsole-x64.msi) and installed, then files are extracted under　C:\Program Files\GoTo\GoToAssist Agent Desktop Console. Our OS is Win11.

Forum Discussion

GoToAssist Agent Vulnerabilities

14 Replies

Recent Discussions

Issues downloading sessions

Gotoassist - install Just hangs with client

FIPS-2 Compliance

Reset not working 4.8 Build 1716

Windows 11 - G2A 5.0 / 4.8 Screen Flickers