PT-2009-3973 · Aten · ATEN KH1516i IP KVM switch, ATEN KN9116 IP KVM switch
Published: 2009-05-27 · Updated: 2018-10-10
CVE-2009-1474
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
ATEN KH1516i IP KVM switch version 1.0.063
ATEN KN9116 IP KVM switch version 1.1.104
Description:
Two weaknesses are covered: mouse events are transmitted without encryption, and the session cookie of an https session is handled insecurely. The first makes it easier for a man-in-the-middle attacker to inject network traffic and perform mouse operations on the connected machines; the second lets a remote attacker capture the session cookie by intercepting it when it is transmitted within an http session.
Recommendations:
For ATEN KH1516i IP KVM switch version 1.0.063, consider disabling the mouse event transmission feature until a patch is available that properly encrypts these events.
For ATEN KN9116 IP KVM switch version 1.1.104, restrict access to the https session cookie by setting the secure flag, and avoid using http sessions to minimize the risk of cookie capture.
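The secure-flag recommendation above, as an added check that is not ATEN's code or part of the advisory: a small Python audit of Set-Cookie headers that flags a session cookie lacking the Secure (and HttpOnly) attribute or issued over plain http. The cookie names, values and scheme labels are constructed samples.

```python
"""Audit Set-Cookie headers for the weak cookie settings this advisory describes."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class CookieFinding:
    name: str
    scheme: str
    problems: List[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> Tuple[str, Dict[str, object]]:
    """Split a Set-Cookie value into (cookie name, {lower-case attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, object] = {}
    for part in parts[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            attrs[key.strip().lower()] = value.strip()
        else:
            attrs[part.lower()] = True  # flag attributes such as Secure, HttpOnly
    return name, attrs


def audit_cookie(header: str, scheme: str) -> CookieFinding:
    """Report why a session cookie could leak the way CVE-2009-1474 describes."""
    name, attrs = parse_set_cookie(header)
    finding = CookieFinding(name=name, scheme=scheme)
    if "secure" not in attrs:
        finding.problems.append("missing Secure: browser will resend it over plain http")
    if "httponly" not in attrs:
        finding.problems.append("missing HttpOnly: readable from page script")
    if scheme == "http":
        finding.problems.append("issued over http: value already visible on the wire")
    return finding


# Constructed samples: a weak https cookie, the same cookie over http, and a hardened one.
SAMPLES = [
    ("https", "SESSIONID=abc123; Path=/"),
    ("http", "SESSIONID=abc123; Path=/"),
    ("https", "SESSIONID=abc123; Path=/; Secure; HttpOnly"),
]


def audit_samples() -> List[CookieFinding]:
    return [audit_cookie(header, scheme) for scheme, header in SAMPLES]


if __name__ == "__main__":
    for finding in audit_samples():
        print(finding.name, finding.scheme, finding.problems or "ok")
```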
Affected Products
ATEN KH1516i IP KVM switch
ATEN KN9116 IP KVM switch