Tiny Personal Firewall Locked Terminal Bypass Vuln
javacool
March 3rd, 2002, 05:27 PM
Tiny Personal Firewall Locked Terminal Bypass Vulnerability
http://online.securityfocus.com/bid/4207
javacool
March 3rd, 2002, 05:28 PM
{QUOTE->
An issue has been reported in Tiny Personal Firewall which could allow a local attacker to permit users unauthorized access to Tiny Personal Firewall. Reportedly, this is possible even if the local system is locked.
Allegedly, a user scanning the network could initiate an alert dialogue in the foreground of a locked workstation with the firewall installed. The dialogue box requires the user to either permit or deny input. If the workstation is unattended, the local attacker could select permit and enter information to the firewall program, without the legitimate user of the service's knowledge.
Potentially this issue could allow unauthorized users to modify the Personal Tiny Firewall settings.
<-QUOTE}
javacool
March 3rd, 2002, 05:29 PM
{QUOTE->
Maher Odeh <rax@X-war.org> has reported that disabling 'learning' mode will address this issue.
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Tiny Personal Firewall 2.0.15:
<-QUOTE}
The question is, is KPF still vulnerable?
UNICRON
March 3rd, 2002, 06:01 PM
That is a great site. I really enjoyed this article:
http://online.securityfocus.com/columnists/63