2X ThinClientServer Unauthorized Administrative Account Creation Vulnerability
BID:21300
Info
| Bugtraq ID: | 21300 |
| Class: | Design Error |
| CVE: | CVE-2006-6221 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 04 2006 12:00AM |
| Updated: | Dec 06 2006 05:29PM |
| Credit: | Oliver Karow of Symantec is credited with the discovery of this vulnerability. |
| Vulnerable: | 2X ThinClientServer 3.0 |
| Not Vulnerable: | 2X ThinClientServer 4.0.2248; 2X ThinClientServer 4.0 |
Discussion
ThinClientServer is prone to a vulnerability that may allow an unauthorized remote attacker to create an administrative account and to gain administrative access to an affected application.
Exploit / POC
An attacker uses the affected application itself to exploit this issue.
Solution / Fix
Solution:
The vendor has released version 4.0.2248 to address this issue. Contact the vendor for details on obtaining and applying the appropriate updates.
Please see the referenced advisories for more information.