Family: Misc. --> Category: attack
RealVNC Authentication Bypass Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Tries to bypass authentication using RealVNC
Detailed Explanation for this Vulnerability Test
The remote VNC server is prone to an authentication bypass issue.
The remote host appears to be running RealVNC, a VNC server for
Windows and Linux/Unix platforms.
The version of RealVNC installed on the remote host allows an attacker
to bypass authentication by simply requesting 'Type 1 - None' as the
authentication type even though the server is not explicitly configured
to support it. By exploiting this issue, an attacker gains access to
the affected host at the privilege level under which RealVNC operates,
typically Administrator under Windows.
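The check that the description above implies, as an added example (not code from the original page or from RealVNC): in an RFB 3.7/3.8 handshake the server sends a list of security types and the client answers with one byte, so a server, or a monitor reading both directions, must reject any selection that was not in the offered list. The byte strings are constructed samples and the function names are hypothetical.

```python
# Added example: validates the client's RFB security-type choice against
# the list the server actually offered. Sample bytes are constructed.
BANNERS = (b"RFB 003.007\n", b"RFB 003.008\n")   # versions that send a type list
BANNER_LEN = 12
SEC_NAMES = {1: "None", 2: "VNC Authentication"}


def parse_offer(server_bytes):
    """Return the security types offered after the server's version banner."""
    if server_bytes[:BANNER_LEN] not in BANNERS:
        raise ValueError("not an RFB 3.7/3.8 server handshake")
    if len(server_bytes) <= BANNER_LEN:
        raise ValueError("security-type list missing")
    count = server_bytes[BANNER_LEN]
    types = server_bytes[BANNER_LEN + 1:BANNER_LEN + 1 + count]
    if count == 0 or len(types) != count:
        raise ValueError("empty or truncated security-type list")
    return list(types)


def parse_choice(client_bytes):
    """Return the single security-type byte the client sent after its banner."""
    if not client_bytes.startswith(b"RFB ") or len(client_bytes) <= BANNER_LEN:
        raise ValueError("client handshake missing security-type byte")
    return client_bytes[BANNER_LEN]


def check_handshake(server_bytes, client_bytes):
    """Return (allowed, chosen, offered); allowed is False for an unoffered type."""
    offered = parse_offer(server_bytes)
    chosen = parse_choice(client_bytes)
    return (chosen in offered, chosen, offered)


# Constructed handshakes: this server offers only type 2 (VNC Authentication).
SERVER = b"RFB 003.008\n" + bytes([1, 2])
CLIENT_NORMAL = b"RFB 003.008\n" + bytes([2])
CLIENT_UNOFFERED = b"RFB 003.008\n" + bytes([1])   # asks for 'Type 1 - None'

if __name__ == "__main__":
    for label, client in (("normal", CLIENT_NORMAL), ("unoffered", CLIENT_UNOFFERED)):
        allowed, chosen, offered = check_handshake(SERVER, client)
        name = SEC_NAMES.get(chosen, "unknown")
        verdict = "accept" if allowed else "REJECT and alert"
        print(f"{label}: client chose {chosen} ({name}), offered {offered}: {verdict}")
```

A server that explicitly lists type 1 in its offer still passes this check, which matches the description: the flaw is accepting 'None' when it was never offered.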
Upgrade to RealVNC Free Edition 4.1.2 / Personal Edition 4.2.3 /
Enterprise Edition 4.2.3 or later.
High / CVSS Base Score : 7.0