Open X display |
---|
Risk Level: | High | Check or Attack Name: xcheck |
---|---|---|
Platforms: | X11 | |
Description: | Open X Displays allow an attacker to capture keystrokes and to execute commands remotely. Many users have their X Server set to xhost +, permitting access to the X Server by anyone, from anywhere. |
|
Remedy: | If you are using xhost-type authentication you should issue an xhost - command and then selectively allow only trusted hosts to connect with xhost + commands. A cryptographically secure authentication, such as provided by the xauth program, is always preferred. Consult your X11 server's documentation for further security information. |
|
References: | Indiana University, Crash Course in X Windows Security, http://www.uwsg.indiana.edu/usail/external/recommended/Xsecure.html |
Know Your Risks |