CVE-2020-29491 and CVE-2020-29492

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #53935
    Avatarjbvh85
    Participant
    • Total Post: 97
    • Back Stage Pass
    • ★★★★

    hello all,

    two security vulnerabilities have been detected on 5010 products

    I want to secure my infrastructure,

    i have RDS broker (windows 2016), i will update ThinOS 8.6_606, i will secure the ftp wyse with a password,

    and i want to desactivate Central Configuration (WMS Options),

    I delete the option but it remains active on my terminals

    only solution reset the terminal but it’s not an option for me

    how to remove the central configuration parameter (fileserver / path) ?

    thank you

    #53936
    Avatarlolix
    Participant
    • Total Post: 172
    • Jacked into The Matrix
    • ★★★★★★

    What are those vulnerabilities exactly ?

    Leaving a file server with Write access to everyone makes you vulnerable ?

    This is not a vulnerability, this is common sense…

    Are we sure that WMS server is more secure than widely used well secured http servers & dhcp servers.

    #53937
    Avatarlolix
    Participant
    • Total Post: 172
    • Jacked into The Matrix
    • ★★★★★★

    One comment on The Register reveals that “write-enabled” thing related to

    {username}.ini.

    I never used those.

    https://forums.theregister.com/forum/all/2020/12/21/dell_wyse_thin_client_scores/

    In the referenced Thin client reference guide, however, reveals all

    All {username}.ini files must be write-enabled to allow the thin client to place the encrypted user passwords in the files.

    #54045
    Avatarjbvh85
    Participant
    • Total Post: 97
    • Back Stage Pass
    • ★★★★

    hello lolix, and Happy New year all !

    Sorry i was in hollidays,

    i use WMS but i have IIS and old server ftp, in central configuration on WMS i was this  ftp,

    on IIS i change and delete writting permission (on WMS and FTP)

    i have deleted central configuration on WMS, i have checked for use secure protocol only

    i have updated on 8.6_606

    i have deleted dns wyseftpfbc4tc

    i think it’s ok …

    #54048
    Avatarjbvh85
    Participant
    • Total Post: 97
    • Back Stage Pass
    • ★★★★

    I just deactivated the server IIS …

    i keep only WMS !

Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.