Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

ThinClientServer Admin Account Creation Vulnerability Vulnerability Scan


Vulnerability Scan Summary
Tries to create an account in ThinClientServer

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that allows creation of
additional administrative accounts.

Description :

The remote host is running ThinClientServer, an application to convert
existing PCs into thin clients.

The version of ThinClientServer installed on the remote host allows an
unauthenticated remote attacker to create administrative accounts.

See also :

http://www.symantec.com/enterprise/research/SYMSA-2006-012.txt
http://www.securityfocus.com/advisories/11589

Solution :

It is reported that upgrading to ThinClientServer version 4.0.2248 or
higher addresses this issue. You should also review the list of
existing administrators and remove any that are not valid.

Threat Level:

High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.