| Field | Value |
|---|---|
| VID | 23082 |
| Severity | 40 |
| Port | 25702 |
| Protocol | TCP |
| Class | Daemon |
| Detailed Description | The eSeSIX Thintune Thin Client contains a backdoor account that allows remote attackers to gain complete access to the target device. Thintune is a series of thin client appliances sold by eSeSIX GmbH, Germany; they offer ICA, RDP, X11 and SSH support on a customized Linux platform. The password ("jstwo") is hardcoded into the '/usr/bin/radmin' shell script on the Thintune and cannot be changed via the configuration interface. By connecting to an undocumented process listening on TCP port 25072 and authenticating with this short password ("jstwo"), a remote attacker could gain full control over the thin client. |
| References | http://www.securityfocus.com/archive/1/369833 |
| Platforms Affected | eSeSIX Thintune eXtreme 2.4.38 Firmware; eSeSIX Thintune L 2.4.38 Firmware; eSeSIX Thintune M 2.4.38 Firmware; eSeSIX Thintune Mobile 2.4.38 Firmware; eSeSIX Thintune S 2.4.38 Firmware; eSeSIX Thintune XM 2.4.38 Firmware; eSeSIX Thintune XS 2.4.38 Firmware; Linux (any version) |
| Recommendation | Upgrade to firmware v2.4.39, which includes a fix for this vulnerability. Contact the vendor for more information: http://www.thintune.com/ |
| Related URL | CVE-2004-2048 (CVE) |
| Related URL | 10794 (SecurityFocus) |
| Related URL | 16790 (ISS) |