[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

unauthorized VNC access in AK-Systems Windows Terminals

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: unauthorized VNC access in AK-Systems Windows Terminals
From: Victor Sudakov <sudakov@xxxxxxxxxxxxxxxx>
Date: Tue, 22 Aug 2006 16:11:05 +0700

WinCE-based Windows Terminals (thin clients) manufactured by
AK-Systems (http://www.ak-systems.ru/) with firmware version 1.2.5 ExVLP
feature a VNC server for remote administration and setup. The VNC
access is not protected by password, so anyone with a VNC client can
connect to the terminal and watch the user's RDP/Citrix session, or even
meddle into it.

Workaround suggested by vendor: older firmware without VNC support
should be installed on the terminal.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov@xxxxxxxxxxxxxxxx

Prev by Date: Re: Joomla Rssxt <= 1.0 Remote File Include Vulnerability
Next by Date: Re: Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln
Previous by thread: Simple Machines Forum <=1.1RC2 unset() vulnerabilities
Next by thread: (exploit) firefox 1.5.0.6 linux DoS
Index(es):
- Date
- Thread