|
|
|
|
| |
Credit:
The information has been provided by Oliver Karow.
The original article can be found at: http://www.symantec.com/enterprise/research/SYMSA-2006-012.txt
|
| |
During the installation procedure, an administrative user account for the application is created. Sending the same request with a different username, after the installation is completed, creates an additional administrative account. The account can be created remotely and authentication is not required.
Vendor Response:
The above vulnerability is fixed and applicable to the following versions:
- - ThinClientServer 4.0 - Users of ThinClientServer Version 4 are unaffected by this issue.
- - ThinClientServer 3.0 - Please Upgrade your machine to Version 4.0.2248 or higher and deploy the new ThinClientOS 4.0 on your network to resolve this issue. This can be done by uploading the new image zip file in the Management Console and setting it as the new default image for your ThinClients.
Customers who have prior versions of ThinClientServer are requested to upgrade to at least 4.0.2248 version.
Recommendation:
Upgrade to Version 4.0.2248 or higher to solve the issue.
CVE Information:
CVE-2006-6221
|
|
|
|
|
