Open X display

Risk Level: High risk vulnerability  High

Check or Attack Name: xcheck

Platforms: X11
Description:

Open X Displays allow an attacker to capture keystrokes and to execute commands remotely. Many users have their X Server set to xhost +, permitting access to the X Server by anyone, from anywhere.

Remedy:

If you are using xhost-type authentication you should issue an xhost - command and then selectively allow only trusted hosts to connect with xhost + commands. A cryptographically secure authentication, such as provided by the xauth program, is always preferred. Consult your X11 server's documentation for further security information.

References:

Indiana University, Crash Course in X Windows Security, http://www.uwsg.indiana.edu/usail/external/recommended/Xsecure.html


X-Force Logo
Know Your Risks