I am reporting a security concern in LogMeIn Central related to default user permissions.
When creating a new user via:
Users > Manage > Add Users
the Computer permissions setting under Group/Computer Permission is set by default to:
Access all computers in the account
This default grants new users full access to every computer in the LogMeIn Central account, regardless of actual need. This represents a significant security risk because it conflicts with the Principle of Least Privilege and exposes customer environments to potential misuse or accidental access escalation.
Recommendation:
Please change the default behavior so that new users are initially configured with:
Specify the groups and computers the selected user can access
This adjustment will ensure users only receive access explicitly assigned to them, preventing inadvertent over-permissioning and reducing customer security risk.
Given the nature of this issue, I recommend prioritizing this change as a security remediation rather than a feature enhancement.
Thank you for your attention to this matter.