October 3rd, 2018 01:00
Security flaw within 8.5_017?
Hi,
We have seemingly discovered a flaw with the security of the version above. I'm able to freely access any user's desktop after lock by simply changing the resolution and allowing the Wyse device to disconnect the desktop, reconnect, then enter the user's password automatically. We would like to determine if this is a wnos.ini config issue, a genuine flaw, or a mix due to our environment.
- XD 7.15 infrastructure
- 7.6.3 VDA
- Dual monitor setup throughout
Steps to re-create:
- Lock Virtual Desktop
- Go to WNOS GUI and enter System Setup > Display
- Change both screens to the same lower or higher resolution > Test > Confirm with OK
- The Wyse device will then disconnect and reconnect the desktop, automatically entering the user's password
- The desktop can now be accessed
wnos.ini
autoload=1 VerifySignature=no
SecurityPolicy=low
AdminMode=yes Admin-Username=xxxx Admin-Password=xxxx
Privilege=None ShowDisplaySettings=Yes
AutoSignoff=yes Shutdown=yes
Shutdowncounter=0
ShutDown=turnoff
AddCertificate=xxx.pfx Password=xxx
SysMode=VDI
Language=Uk
Device=audio Volume=25 mic_vol=5
#Webcams
Device=vusb ForceRedirect=0x046d,0x0843,0xef,0x02,0x01 InterfaceRedirect=yes
Device=vusb ForceRedirect=0x046d,0x0825,0xef,0x02,0x01 InterfaceRedirect=yes
#Smartcards
SessionConfig=ALL Smartcards=yes
DeskColor="0 98 196"
Desktop=tc_splash.jpg Layout=Stretch
Dualhead=yes ManualOverride=yes MonitorAutoDetect=yes
Screensaver=0 LockTerminal=no Type=0
Timeserver=xxx.xxx.xxx.xxx Timeformat="24-hour format" Dateformat=dd/mm/yyyy
; If you are using an older version of WTOS code please use:
; TimeZone= 'GMT' ManualOverride=yes Daylight=yes Start=030507 End=100507 TimeZoneName=GMT DayLightName=GMT
TimeZone='Greenwich Mean Time' ManualOverride=yes Daylight=yes Start=030507 End=100507 TimeZoneName="GMT Standard Time" DayLightName="GMT Daylight Time"
Device=Ethernet Speed="Auto"
; If you are using a version of WTOS code < 7.1_133 please use:
; RapportDisable= instead of WDMService=
WDMService=Yes DNSLookup=yes
SignOn=Yes
DisableDomain=yes
DomainList="xxx"
IEEE8021X=yes network=wired
SessionConfig=ALL DisableSound=No Fullscreen=yes
UniSession=yes
PnliteServer=http://xxx/Citrix/xxx/PNAgent/config.xml Storefront=yes ReconnectAtLogon=2 ReconnectFromButton=0
SessionConfig=ICA DesktopMode=Fullscreen SessionReliability=yes WarnPopup=yes OnDesktop=desktops AudioQuality=High USBRedirection=HDX
;*************************************************************
;* TARGETS *
;*************************************************************
;Place individual settings files in the ..\inc directory
Include=$MAC.ini
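A way to triage a wnos.ini like the one posted above, as an added example that is not part of the original post and not Dell's code: it parses the multi-parameter lines (quoted values, `;` and `#` comments) and lists the settings a reviewer would look at first. The `REVIEW` table, the function names and the case-insensitive matching are assumptions of this example, and the notes only restate what each setting says; none is confirmed here as the cause of the behaviour described.

```python
import shlex

# Hypothetical review list: (parameter, value) pairs taken from the posted file.
REVIEW = {
    ("showdisplaysettings", "yes"): "Display setup is shown to the user (step 2 of the repro uses it)",
    ("lockterminal", "no"): "LockTerminal is off on the Screensaver line",
    ("securitypolicy", "low"): "SecurityPolicy is set to low",
    ("verifysignature", "no"): "VerifySignature is off",
}

def parse_wnos(text):
    """Return [(line_number, [(param, value), ...])] for each statement line."""
    statements = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in ";#":       # blank line or comment
            continue
        try:
            tokens = shlex.split(line)         # keeps "0 98 196" as one value
        except ValueError:                     # unbalanced quote: split on spaces
            tokens = line.split()
        pairs = []
        for token in tokens:
            param, _, value = token.partition("=")
            pairs.append((param, value))
        statements.append((number, pairs))
    return statements

def review(text):
    """Return [(line_number, 'Param=Value', note)] for settings in REVIEW."""
    findings = []
    for number, pairs in parse_wnos(text):
        for param, value in pairs:
            note = REVIEW.get((param.lower(), value.lower()))
            if note:
                findings.append((number, f"{param}={value}", note))
    return findings

# Excerpt of the posted file, used here as sample input.
SAMPLE = '''autoload=1 VerifySignature=no
SecurityPolicy=low
Privilege=None ShowDisplaySettings=Yes
DeskColor="0 98 196"
#Smartcards
Screensaver=0 LockTerminal=no Type=0
SignOn=Yes
'''

if __name__ == "__main__":
    for number, setting, note in review(SAMPLE):
        print(f"line {number}: {setting}: {note}")
```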