ThinClientServer < 4.0.2248 Admin Account Creation

High Nessus Network Monitor Plugin ID 3845

Synopsis

The remote web server contains a PHP script that allows the creation of additional administrative accounts.

Description

The remote host is running ThinClientServer, an application that converts existing PCs into thin clients. The version of ThinClientServer installed on the remote host contains a PHP script that allows an unauthenticated remote attacker to create additional administrative accounts.

Solution

Upgrade to version 4.0.2248 or higher.

See Also

http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2006-012.txt

http://www.securityfocus.com/advisories/11589

http://www.2x.com/thinclientserver

Plugin Details

Severity: High

ID: 3845

File Name: 3845.prm

Family: CGI

Published: 2006/12/07

Modified: 2016/01/15

Dependencies: 1442

Nessus ID: 23780

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2006-6221

BID: 21300