Bugtraq mailing list archives
unauthorized VNC access in AK-Systems Windows Terminals
From: Victor Sudakov <sudakov () sibptus tomsk ru>
Date: Tue, 22 Aug 2006 16:11:05 +0700
WinCE-based Windows Terminals (thin clients) manufactured by AK-Systems (http://www.ak-systems.ru/) with firmware version 1.2.5 ExVLP feature a VNC server for remote administration and setup. The VNC access is not protected by password, so anyone with a VNC client can connect to the terminal and watch the user's RDP/Citrix session, or even meddle into it. Workaround suggested by vendor: older firmware without VNC support should be installed on the terminal. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:sudakov () sibptus tomsk ru
Current thread:
- unauthorized VNC access in AK-Systems Windows Terminals Victor Sudakov (Aug 22)