Dirk Loss

**Name of the Vulnerable Software and Affected Versions** eSeSIX Thintune thin clients version 2.4.38 and earlier **Description** The issue allows remote attackers to gain access to the system due to a default password `jstwo` for a process started on port 25072. **Recommendations** For versions 2.4.38 and earlier, change the default password `jstwo` to a secure password to prevent unauthorized access. Consider restricting access to port 25072 until a secure password is set.

**Name of the Vulnerable Software and Affected Versions** eSeSIX Thintune thin clients versions 2.4.38 and earlier **Description** The issue allows attackers to gain access by storing sensitive usernames and passwords in cleartext in configuration files for the keeper library. **Recommendations** For versions 2.4.38 and earlier, update the firmware to a version that does not store sensitive information in cleartext, or consider restricting access to the configuration files of the keeper library until a patch is available.

**Name of the Vulnerable Software and Affected Versions** eSeSIX Thintune thin clients versions 2.4.38 and earlier **Description** The issue allows local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the `maertsJ` password, which is hard-coded into `lshell`. **Recommendations** For versions 2.4.38 and earlier, consider changing the hard-coded `maertsJ` password in `lshell` to prevent unauthorized access. As a temporary workaround, restrict access to the `lshell` component until a patch is available.