Mobatek · Mobaxterm · CVE-2015-7244
**Name of the Vulnerable Software and Affected Versions**
MobaXterm versions prior to 8.3
**Description**
The default configuration of the server in MobaXterm has a disabled Access Control setting, which does not require authentication for X11 connections. This allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets.
**Recommendations**
For versions prior to 8.3, enable the Access Control setting to require authentication for X11 connections.