Description
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the "maertsJ" password, which is hard-coded into lshell.
Product(s):
- Esesix ThinTune Extreme 2.4.38
- Esesix ThinTune L 2.4.38
- Esesix ThinTune M 2.4.38
- Esesix ThinTune Mobile 2.4.38
- Esesix ThinTune S 2.4.38
- Esesix ThinTune XM 2.4.38
- Esesix ThinTune XS 2.4.38
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-2050, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-2050 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.