Multiple Vendor XDMCP Default Access Control Vulnerability

The access control on servers implementing XDMCP is often wide open by default. In systems with these default configurations, any host on the Internet may connect to the XDMCP server and obtain a graphical login screen. It has been confirmed that Sun Solaris, and Caldera/Mandrake Linux systems are vulnerable. Additionally, some systems provide a list of users or other sensitive information at the login screen.


Privacy Statement
Copyright 2010, SecurityFocus