CVE-2002-2036: Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as a
infovulnerability
security
Summary
Sun Ray Server Software (SRSS) version 1.3 has a vulnerability that allows remote attackers to log in as another user when Non-Smartcard Mobility (NSCM, a feature that lets users connect from different systems) is enabled, by running dtlogin (a login program) from a system that supports XDMCP (a protocol for remote display connections). This is a serious authentication bypass vulnerability that could let attackers impersonate legitimate users.
Vulnerability Details
CVSS Score
7.5
EPSS (30-day exploit probability)
EPSS: 1.5%
Classification
Attack SophisticationModerate
Original source: https://nvd.nist.gov/vuln/detail/CVE-2002-2036
First tracked: February 15, 2026 at 08:45 PM
Classified by LLM (prompt v3) · confidence: 95%