The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets.
References
Link | Resource |
---|---|
http://blog.mobatek.net/post/mobaxterm-new-release-8.3/ | Patch Vendor Advisory |
http://www.kb.cert.org/vuls/id/316888 | Third Party Advisory US Government Resource |
http://www.securifera.com/advisories/cve-2015-7244 |
Configurations
Information
Published : 2015-11-03 19:59
Updated : 2015-11-04 11:32
NVD link : CVE-2015-7244
Mitre link : CVE-2015-7244
JSON object : View
CWE
CWE-284
Improper Access Control
Products Affected
mobatek
- mobaxterm