Unsolved
This post is more than 5 years old
2 Posts
0
19579
TFTP vulnerability in WDM 4.8
TFTP vulnerability in WDM 4.8
We are a IT security company and perform vulnerability scans on our clients networks. Our one client uses Wyse terminals and WDM to manage them. Our vulnerability scanner found a vulnerability in the built in TFTP server in WDM version 4.8. The vulnerability scanner reports the TFTP server as being Kiwitools TFTP server, not sure if the TFTP server within WDM is actually this or its being incorrectly detected by the vulnerability scanner. The vulnerability scanner can exploit this vulnerability so it seems like a valid problem.
I tried to find reference to this on the Wyse site but could not. I see there is a newer version of WDM available 4.8.5 but need to know if this problem is fixed before recommending an upgrade.
Any insight into this would be great.
mlpotgieter
2 Posts
0
June 15th, 2015 06:00
Thanks for your comment but it does not actually answer my question. Unless you are saying that Wyse are aware of the problem but are not concerned about it because it is the free edition.
tarasovav-wiat.
1 Message
0
June 15th, 2015 06:00
not sure if this is a problem if any. In a dangerous environment one should use WDM Enterprise Edition with HTTPS only as the communication protocol