PT-2015-7490 · Mobatek · Mobaxterm
Bryan Rhodes
+3
·
Published
2015-11-04
·
Updated
2015-11-04
·
CVE-2015-7244
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
MobaXterm versions prior to 8.3
Description
The default configuration of the server in MobaXterm has a disabled Access Control setting, which does not require authentication for X11 connections. This allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets.
Recommendations
For versions prior to 8.3, enable the Access Control setting to require authentication for X11 connections.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mobaxterm