eSeSIX Thintune Client Default Root Password

2004-07-24T10:52:51
ID OSVDB:8246
Type osvdb
Reporter Dirk Loss (dirk.loss@it-consult.net)
Modified 2004-07-24T10:52:51

Description

Vulnerability Description

The firmware in the eSeSIX Thintune client contains a flaw that may allow a remote attacker to gain unauthorized privileges. The issue is triggered by connecting to port 25072 and supplying the default password 'jstwo', which could allow a remote attacker to gain unauthorized root access to the system, resulting in a loss of integrity.

Solution Description

Upgrade to version 2.4.39 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


References:

Vendor URL: http://www.thintune.com/en/index.htm
Security Tracker: 1010770
Secunia Advisory ID: 12154
Related OSVDB ID: 8249
Related OSVDB ID: 8250
Related OSVDB ID: 8248
Related OSVDB ID: 8247
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0273.html
ISS X-Force ID: 16790
Bugtraq ID: 10794