Manualshelf

Release Notes

ManualsBrandsDell ManualsConverged InfrastructureWyse 3040 Thin Client
21222324252627282930
Security update for Dell Wyse Password
Encoder
Release type and definition
This release resolves a security vulnerability in Dell Wyse Password Encryption on ThinLinux version 2.x. The vulnerability issue is observed
when the passwords are configured using INI parameters.
From this release, a new encrypted password is generated every time when the password is encrypted. The WyseINIKeyCrypt.exe
tool that is used to generate encrypted password is deprecated for an INI user. You cannot use the password encrypted strings generated
using the
WyseINIKeyCrypt.exe tool for INI configurations. If old password encrypted strings are used, then the password decryption
fails, and the INI configuration is applied to thin clients.
Priority and recommendations
Recommended: Dell recommends applying this update during your next scheduled update cycle. The update contains feature
enhancements or changes that will help keep your system software current and compatible with other system modules (firmware, BIOS,
drivers and software).
Password encoder
By default, passwords in INI parameters use base-64 encoding. Dell recommends that you use the AES encryption for high security
purpose. From this release onwards, an AES encrypted password is generated by using the iniencrypt tool on thin clients running
ThinLinux version 2.x.
AES password encoding—All passwords that are set using the INI parameter support the AES password encoding. Use the INI
parameter PasswordEncryptionCode to specify the password encoding. Use the INI parameter PasswordEncryptionCode=2 to
specify the AES password.
NOTE:
If the INI parameter PasswordEncryptionCode is set to 2, and if you use a password value that is not
encrypted using the iniencrypt tool, the result is undefined.
NOTE: The iniencrypt tool is supported on ThinLinux version 2.1.0.01 or later.
To generate an AES encrypted password, do the following:
1. Log in as an administrator on the thin client.
2. Start the X term.
3. Enter the iniencrypt command along with the password which you want to encrypt in the following format:
$ iniencrypt <password in plain text>
For example, to encode the text password, enter the command as $ iniencrypt password.
The encrypted password is displayed on the terminal screen.
To generate a password with special characters or space, use the shell escape character \ before the special character. For example, to
encode the string password#123, enter the command as $ iniencrypt password\#123.
NOTE:
An AES password encoding supports only English characters.
This release supports iniencrypt only for the INI user. However, the functionality of Wyse Management Suite, and
Wyse Device Manager remain the same.
5
Security update for Dell Wyse Password Encoder 25