malerisch.net: Pwning a thin client in less than two minutes

April 1, 2016

RT @m3g9tr0n: Pwning a thin client in less than two minutes
//t.co/Y9FK57uVy2

Source: blog.malerisch.net

Normally, the HP ThinPro OS interface is configured in kiosk mode, as the concept of a thin/zero client is based on using a thick client to connect to another resource. For this purpose, a standard user does not need to authenticate to the thin client itself and only needs to start a connection, e.g. VMware Horizon View. The user eventually authenticates through that connection.
 

The point of this blog post is to demonstrate that a malicious actor can compromise such thin clients trivially and quickly given physical access, which is a standard prerequisite for an attack against a kiosk.