Unsecured X11 servers offer several opportunities for abuse.
For instance:
Keystrokes, including passwords, may be captured by a remote X client.
A screen dump may be made by a remote client.
The server may act as a proxy, allowing an intruder to bypass
domain-based access controls.
The keyboard may be remapped by a remote client, so that the
local user's keystrokes perform unexpected actions, for example
introducing security loopholes such as appending to .rhosts files.
NCD X-terminals may be reconfigured remotely, redirecting
traffic to an intruders site.
Login spoofs may be introduced, where an intruder's program
mimics a legitimate login prompt in order to capture a password.
Some of these are absurdly easy, requiring no special programs!
Most of these problems may be avoided by not using "xhost +"
in login and boot scripts, and in lisitng allowed clients in
X-terminal access control dialogs.
The secure shell ssh
allows X-sessions on remote terminals without using the xhost
mechanism. Other guides recommend using Kerberos authenication
such as the xauth mechanism. X-terminals should have remote
configuration limited to trusted machines. Alternatively XDMCP may
be used to connect to a trusted host and then ssh
to required hosts.
LAT transport is more secure against common
sniffers simply because it's more
obscure than telnet.