{"type": "osvdb", "published": "2004-07-24T10:52:51", "href": "https://vulners.com/osvdb/OSVDB:8246", "hashmap": [{"key": "affectedSoftware", "hash": "cf3590d2001599e14c347f2863428d7d"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "dc25f092e8e33b747217654403b22a94"}, {"key": "href", "hash": "3ef208fd7d07ee79f382177b0d84d700"}, {"key": "modified", "hash": "d295917d2b1f7021599ba87c3ac6d916"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "d295917d2b1f7021599ba87c3ac6d916"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "88444101fce64885cfdd4143f837cee7"}, {"key": "title", "hash": "62d3b04cce186d521780d9741d1fc578"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "NONE", "score": 0.0}, "viewCount": 0, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "Dirk Loss(dirk.loss@it-consult.net)", "title": "eSeSIX Thintune Client Default Root Password", "affectedSoftware": [{"operator": "eq", "version": "2.4.38-32-D", "name": "Thintune XS"}, {"operator": "eq", "version": "2.4.38-32-D", "name": "Thintune L"}, {"operator": "eq", "version": "2.4.38-32-D", "name": "Thintune S"}, {"operator": "eq", "version": "2.4.38-32-D", "name": "Thintune XM"}, {"operator": "eq", "version": "2.4.38-32-D", "name": "Thintune M"}], "enchantments": {"score": {"value": 0.5, "vector": "NONE", "modified": "2017-04-28T13:20:03"}, "dependencies": {"references": [], "modified": "2017-04-28T13:20:03"}, "vulnersScore": 0.5}, "references": [], "id": "OSVDB:8246", "hash": "29ef679544b25607c10fe2e9f30b7d5f5688e9e2952a82d0675904057c5c9cc3", "lastseen": "2017-04-28T13:20:03", "cvelist": [], "modified": "2004-07-24T10:52:51", "description": "## Vulnerability Description\nThe firmware in eSeSIX Thintune client contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered when connecting to port 25072 and using a default password of 'jstwo', which could allow a remote attacker to gain unauthorized root access to the system, resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 2.4.39 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nThe firmware in eSeSIX Thintune client contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered when connecting to port 25072 and using a default password of 'jstwo', which could allow a remote attacker to gain unauthorized root access to the system, resulting in a loss of integrity.\n## References:\nVendor URL: http://www.thintune.com/en/index.htm\nSecurity Tracker: 1010770\n[Secunia Advisory ID:12154](https://secuniaresearch.flexerasoftware.com/advisories/12154/)\n[Related OSVDB ID: 8249](https://vulners.com/osvdb/OSVDB:8249)\n[Related OSVDB ID: 8250](https://vulners.com/osvdb/OSVDB:8250)\n[Related OSVDB ID: 8248](https://vulners.com/osvdb/OSVDB:8248)\n[Related OSVDB ID: 8247](https://vulners.com/osvdb/OSVDB:8247)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0273.html\nISS X-Force ID: 16790\nBugtraq ID: 10794\n"}

{}