Tiny Personal Firewall Locked Terminal Bypass Vulnerability

An issue has been reported in Tiny Personal Firewall which could allow a local attacker to permit users unauthorized access to Tiny Personal Firewall. Reportedly, this is possible even if the local system is locked.



A user scanning the network could initiate an alert dialogue in the foreground of a locked workstation with the firewall installed. The dialogue box requires the user to either permit or deny input. If the workstation is unattended the local attacker could select permit and enter information to the firewall program, without the legitimate user of the services knowledge.

Potentially this issue could allow unauthorized users to modify the Personal Tiny Firewal settings.

Remote: No

Exploit: There is no exploit.

Vulnerable: Tiny Personal Firewall 2.0.15