AOH :: HP Unsorted U :: B06-4389.HTM

unauthorized VNC access in AK-Systems Windows Terminals



unauthorized VNC access in AK-Systems Windows Terminals
unauthorized VNC access in AK-Systems Windows Terminals



WinCE-based Windows Terminals (thin clients) manufactured by
AK-Systems (http://www.ak-systems.ru/) with firmware version 1.2.5 ExVLP 
feature a VNC server for remote administration and setup. The VNC
access is not protected by password, so anyone with a VNC client can
connect to the terminal and watch the user's RDP/Citrix session, or even
meddle into it.

Workaround suggested by vendor: older firmware without VNC support
should be installed on the terminal.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov@sibptus.tomsk.ru 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.