Settings on Wyse Device that could compromise desktop access?

Hey All,

A colleague of mine discovered the following "trick" to access someone else's desktop.

Our configuration had "shutdowncounter=20". This was to originally allow persona management to do it's thing in the background after a full VDI shutdown, however it was discovered that if the user was disconnecting a session by pressing the ThinClient power button, the shutdown timer would kick in as configured....assuming that user left their desk, we were then able to cancel the shutdown timer and re-connect to the users desktop without any password entry or authentication request.

We removed the shutdown timer as this was a fairly big security breach.

I would recommend that the official ini config document warns admins about the potential of this configuration.

Thanks,

S