VAR-200412-0965
Vulnerability from variot - Updated: 2025-04-03 22:16

eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access. Thintune Linux-based devices are reported prone to multiple vulnerabilities. These issues can allow remote attackers to gain complete access to a vulnerable device. The issues include backdoor accounts that can be accessed over the network and an information disclosure issue that can disclose user accounts and passwords. Thintune devices with firmware version 2.4.38 and prior are affected by these issues. Reportedly, Thintune devices based on Windows CE are not affected.

eSeSIX Thintune is a series of thin client applications developed by eSeSIX GmbH, with ICA, RDP, X11 and SSH support on custom Linux platforms. The second issue is a password disclosure. The Keeper library is used to store all JStream configuration settings, and its configuration files are stored in the /root/.keeper/ directory. By browsing the local file system, or by using the "getreg" command provided by the first issue, which can read the Keeper database remotely, an attacker gains access to the VNC, control center and screen saver passwords. The third issue is that any local user can press <CTRL><SHIFT><ALT><DEL> and then enter the "maertsJ" password to obtain a root shell. The fourth issue lets a local user view plaintext passwords. Thintune software lets end users browse with the Phoenix web browser; entering "file:///" lists the local file system, so a local user can use the browser to view sensitive information. The fifth issue is an incorrect password check: if the user sets the password to 'a', then entering any string that starts with it, such as "automobile", "any" or "afternoon", is accepted and the user is successfully authenticated.

Note: the CVSS v2 vector in the record below (AV:L/AC:L/Au:N/C:P/I:P/A:P, base score 4.6) rates local access only and appears to score just the cleartext credential storage tracked as CVE-2004-2049, whereas this description also covers network-reachable issues from the wider advisory; severity should be assessed against the full set of issues, not the single score.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-0965",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thintune xs",
"scope": "eq",
"trust": 1.9,
"vendor": "esesix",
"version": "2.4.38"
},
{
"model": "thintune xm",
"scope": "eq",
"trust": 1.9,
"vendor": "esesix",
"version": "2.4.38"
},
{
"model": "thintune s",
"scope": "eq",
"trust": 1.9,
"vendor": "esesix",
"version": "2.4.38"
},
{
"model": "thintune mobile",
"scope": "eq",
"trust": 1.9,
"vendor": "esesix",
"version": "2.4.38"
},
{
"model": "thintune m",
"scope": "eq",
"trust": 1.9,
"vendor": "esesix",
"version": "2.4.38"
},
{
"model": "thintune l",
"scope": "eq",
"trust": 1.9,
"vendor": "esesix",
"version": "2.4.38"
},
{
"model": "thintune extreme",
"scope": "eq",
"trust": 1.9,
"vendor": "esesix",
"version": "2.4.38"
},
{
"model": "thintune xs",
"scope": "ne",
"trust": 0.3,
"vendor": "esesix",
"version": "2.4.39"
},
{
"model": "thintune xm",
"scope": "ne",
"trust": 0.3,
"vendor": "esesix",
"version": "2.4.39"
},
{
"model": "thintune s",
"scope": "ne",
"trust": 0.3,
"vendor": "esesix",
"version": "2.4.39"
},
{
"model": "thintune mobile",
"scope": "ne",
"trust": 0.3,
"vendor": "esesix",
"version": "2.4.39"
},
{
"model": "thintune m",
"scope": "ne",
"trust": 0.3,
"vendor": "esesix",
"version": "2.4.39"
},
{
"model": "thintune l",
"scope": "ne",
"trust": 0.3,
"vendor": "esesix",
"version": "2.4.39"
},
{
"model": "thintune extreme",
"scope": "ne",
"trust": 0.3,
"vendor": "esesix",
"version": "2.4.39"
}
],
"sources": [
{
"db": "BID",
"id": "10794"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-861"
},
{
"db": "NVD",
"id": "CVE-2004-2049"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Loss, Dirk\u203b Dirk.Loss@it-consult.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-861"
}
],
"trust": 0.6
},
"cve": "CVE-2004-2049",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2004-2049",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-10477",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-2049",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-861",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-10477",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10477"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-861"
},
{
"db": "NVD",
"id": "CVE-2004-2049"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access. Thintune Linux-based devices are reported prone to multiple vulnerabilities. These issues can allow remote attackers to gain complete access to a vulnerable device. \nThe issues include backdoor accounts that can be accessed over the network and an information disclosure issue that can disclose user accounts and passwords. \nThintune devices with firmware version 2.4.38 and prior are affected by these issues. Reportedly, Thintune devices based on Windows CE are not affected. eSeSIX Thintune is a series of thin client applications developed by eSeSIX GmbH. ICA, RDP, X11 and SSH support on custom Linux platforms. The second problem is that there is a password disclosure problem. The Keeper library is used to store all JStream configuration settings. The configuration files are stored in the /root/.keeper/ directory. By browsing the local file system or using the \\\"getreg\\\" provided in the first question \" command, which can remotely read the Keeper database information, resulting in access to VNC, control center and screen saver password information. The third problem is that any user who obtains the local ROOT SHELL can press \u003cCTRL\u003e\u003cSHIFT\u003e\u003cALT\u003e\u003cDEL\u003e and then enter the \\\"maertsJ\\\" password to obtain the ROOT SHELL. The fourth problem is to view the plain text password of the local user. Thintune software supports end users to access through the Phoenix Web browser. By entering \\\"file:///\\\", the local file system directory can be obtained, and the local user can use the browser to view sensitive information. The fifth problem is that the password check is incorrect. 
If the user sets the password to 'a', then entering any string that starts with it, such as \"automobile\", \"any\" or \"afternoon\", is accepted and the user is successfully authenticated.",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2049"
},
{
"db": "BID",
"id": "10794"
},
{
"db": "VULHUB",
"id": "VHN-10477"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "10794",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1010770",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "8247",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "12154",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2004-2049",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200412-861",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "6752",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040724 ESESIX THINTUNE THIN CLIENT MULTIPLE VULNERABILITIES",
"trust": 0.6
},
{
"db": "XF",
"id": "16795",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-10477",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10477"
},
{
"db": "BID",
"id": "10794"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-861"
},
{
"db": "NVD",
"id": "CVE-2004-2049"
}
]
},
"id": "VAR-200412-0965",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-10477"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:16:43.957000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2049"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/10794"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/8247"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1010770"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/12154"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16795"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=109068491801021\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/16795"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=109068491801021\u0026w=2"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/6752"
},
{
"trust": 0.3,
"url": "http://www.thintune.com/en/products/index.htm"
},
{
"trust": 0.3,
"url": "/archive/1/369833"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=109068491801021\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10477"
},
{
"db": "BID",
"id": "10794"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-861"
},
{
"db": "NVD",
"id": "CVE-2004-2049"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-10477"
},
{
"db": "BID",
"id": "10794"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-861"
},
{
"db": "NVD",
"id": "CVE-2004-2049"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-10477"
},
{
"date": "2004-07-24T00:00:00",
"db": "BID",
"id": "10794"
},
{
"date": "2004-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-861"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-2049"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-10477"
},
{
"date": "2004-07-24T00:00:00",
"db": "BID",
"id": "10794"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-861"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-2049"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-861"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eSeSIX Thintune Thin client device multiple security vulnerabilities",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-861"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "10794"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-861"
}
],
"trust": 0.9
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.