eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Thintune_extreme | Esesix | 2.4.38 (including) | 2.4.38 (including) |
| Thintune_l | Esesix | 2.4.38 (including) | 2.4.38 (including) |
| Thintune_m | Esesix | 2.4.38 (including) | 2.4.38 (including) |
| Thintune_mobile | Esesix | 2.4.38 (including) | 2.4.38 (including) |
| Thintune_s | Esesix | 2.4.38 (including) | 2.4.38 (including) |
| Thintune_xm | Esesix | 2.4.38 (including) | 2.4.38 (including) |
| Thintune_xs | Esesix | 2.4.38 (including) | 2.4.38 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=109068491801021\u0026w=2
- http://secunia.com/advisories/12154
- http://securitytracker.com/id?1010770
- http://www.osvdb.org/8247
- http://www.securityfocus.com/bid/10794
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16795
- http://marc.info/?l=bugtraq\u0026m=109068491801021\u0026w=2
- http://secunia.com/advisories/12154
- http://securitytracker.com/id?1010770
- http://www.osvdb.org/8247
- http://www.securityfocus.com/bid/10794
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16795