|
Family: CGI abuses --> Category: attack
ThinClientServer Admin Account Creation Vulnerability Vulnerability Scan
Vulnerability Scan Summary Tries to create an account in ThinClientServer
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that allows creation of
additional administrative accounts.
Description :
The remote host is running ThinClientServer, an application to convert
existing PCs into thin clients.
The version of ThinClientServer installed on the remote host allows an
unauthenticated remote attacker to create administrative accounts.
See also :
http://www.symantec.com/enterprise/research/SYMSA-2006-012.txt
http://www.securityfocus.com/advisories/11589
Solution :
It is reported that upgrading to ThinClientServer version 4.0.2248 or
higher addresses this issue. You should also review the list of
existing administrators and remove any that are not valid.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|