Novell ZENworks Configuration Management 11.2
Potential vulnerability found when scanning a ZENworks Appliance server.
Place filters to block unauthorized connections from accessing the X server. ZCM does not require X to be running, nor does it require remote X access. Running the command 'xhost -' will enable access control for remote x functionality. You can then validate that access control is enabled by issuing the 'xhost' command by itself.
The X server running on the appliance has no access controls present. This allows an attacker to make a client connect to the X server to record the keystrokes of the user, which may contain sensitive information, such as account passwords.