In a previous post we explained how to add remote data persistence to your apps by saving cookies in the browser. In this opportunity we will take advantage of this feature to develop a small but useful demo that shows how to provide an extended sign-on for web users.
Thinfinity VirtualUI web enabled apps were born as desktop apps and most include their own login mechanism. In this opportunity, we will show you how to extend your own existing application’s sign-on process, getting the browser to identify the application’s user. In this way, users would only need to manually log in when accessing the application for the first time, after logging out or when the login ID has expired. Continue reading →
Last Friday we announced the beta build of Thinfinity VirtualUI v2. We are excited about this new version because it includes several new major features that take VirtualUI to a new level of virtualization and integration.
In this opportunity, we will learn how End-User Authentication works in VirtualUI web-enabled applications. Continue reading →
Old Thinfinity Remote Desktop Workstation versions implemented a license system that uses some local hardware and software values to create a digital fingerprint. Since this is uncritical but unrepeatable information, it is ideal to be used for identification purposes when attached to the final license data.
Windows 10 installation changes some of the original PC values, causing the mentioned error when Thinfinity Remote Desktop Workstation tries to verify its license information.
Thinfinity VirtualUI offers a special access method called “One-Time URL”. This mechanism was designed to create a temporary, unique url to provide one-time access to a specific application. This temporary url is disposed as soon as it is used or after a specified period of time has elapsed.
These are the main scenarios where the One-Time URL access method is most useful:
Single Sign-on scenarios.
External authentication methods.
One-time invitations to run a program (i.e. application demos/presentations).
Thinfinity Remote Desktop Workstation v184.108.40.206 includes the following vulnerability:
A generic directory traversal flaw was found. After testing both Thinfinity Remote Desktop Workstation version 220.127.116.11 and version 18.104.22.168, the flaw is only present in the later version.
Successful exploitation of this vulnerability could result in the possibility of downloading a file off the remote Windows host (i.e. via the default port 8081 or whichever other port it is configured to use). The flaw was present whether or not “File Transfer” was enabled -regardless of the security mode in use (i.e. None, Digest or Windows Logon).