MidnightBSD

Advisories for esesix

CVE-2004-2048 HIGH

radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier starts a process port 25072 that can be accessed with a default "jstwo" password, which allows remote attackers to gain access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
esesix thintune_mobile 2.4.38
esesix thintune_xs 2.4.38
esesix thintune_xm 2.4.38
esesix thintune_m 2.4.38
esesix thintune_extreme 2.4.38
esesix thintune_s 2.4.38
esesix thintune_l 2.4.38
CVE-2004-2049 MEDIUM

eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
esesix thintune_mobile 2.4.38
esesix thintune_xs 2.4.38
esesix thintune_xm 2.4.38
esesix thintune_m 2.4.38
esesix thintune_extreme 2.4.38
esesix thintune_s 2.4.38
esesix thintune_l 2.4.38
CVE-2004-2050 MEDIUM

eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the "maertsJ" password, which is hard-coded into lshell.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
esesix thintune_mobile 2.4.38
esesix thintune_xs 2.4.38
esesix thintune_xm 2.4.38
esesix thintune_m 2.4.38
esesix thintune_extreme 2.4.38
esesix thintune_s 2.4.38
esesix thintune_l 2.4.38
CVE-2004-2051 MEDIUM

The Phoenix browser in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allows local users to read arbitrary files via a file:/// URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
esesix thintune_l 2.4.38_firmware
esesix thintune_xs 2.4.38_firmware
esesix thintune_s 2.4.38_firmware
esesix thintune_xm 2.4.38_firmware
esesix thintune_extreme 2.4.38_firmware
esesix thintune_m 2.4.38_firmware
esesix thintune_mobile 2.4.38_firmware
CVE-2004-2052 HIGH

eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accept any password that begins with the actual password, which makes it easier for users to conduct brute force password guessing.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
esesix thintune *