unauthorized VNC access in AK-Systems Windows Terminals

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: unauthorized VNC access in AK-Systems Windows Terminals
From: Victor Sudakov <sudakov@xxxxxxxxxxxxxxxx>
Date: Tue, 22 Aug 2006 16:11:05 +0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: AO "Svyaztransneft", SibPTUS
User-agent: Mutt/1.4.2.1i

WinCE-based Windows Terminals (thin clients) manufactured by
AK-Systems (http://www.ak-systems.ru/) with firmware version 1.2.5 ExVLP
feature a VNC server for remote administration and setup. The VNC
access is not protected by password, so anyone with a VNC client can
connect to the terminal and watch the user's RDP/Citrix session, or even
meddle into it.

Workaround suggested by vendor: older firmware without VNC support
should be installed on the terminal.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov@xxxxxxxxxxxxxxxx

Prev by Date: Re: Joomla Rssxt <= 1.0 Remote File Include Vulnerability
Next by Date: Re: Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln
Previous by thread: Simple Machines Forum <=1.1RC2 unset() vulnerabilities
Next by thread: (exploit) firefox 1.5.0.6 linux DoS
Index(es):
- Date
- Thread