PT-1997-1216 · Xyplex · Xyplex Terminal Server

Published

1997-11-26

Updated

2017-12-19

CVE-1999-1257

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Xyplex terminal server version 6.0.1S1

Description The issue allows remote attackers to bypass the password prompt. This can be achieved by entering either a CTRL-Z character or a ? (question mark).

Recommendations For version 6.0.1S1, consider restricting remote access until a fix is available, and avoid using the password prompt as the sole means of authentication. As a temporary workaround, monitor login attempts for the use of CTRL-Z or ? characters to detect potential bypass attempts.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-1999-1257

Affected Products

Xyplex Terminal Server

PT-1997-1216 · Xyplex · Xyplex Terminal Server

CVE-1999-1257

Related Identifiers

Affected Products

References · 4