radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier starts a process port 25072 that can be accessed with a default "jstwo" password, which allows remote attackers to gain access.
https://exchange.xforce.ibmcloud.com/vulnerabilities/16790
http://securitytracker.com/id?1010770