header-logo
Suggest Exploit
vendor:
RealVNC
by:
milw0rm.com
9,3
CVSS
HIGH
VNC Null Authentication
287
CWE
Product Name: RealVNC
Affected Version From: 4.1.0
Affected Version To: 4.1.1
Patch Exists: YES
Related CWE: CVE-2006-2369
CPE: a:realvnc:realvnc:4.1.1
Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0630/https://www.rapid7.com/db/vulnerabilities/freebsd-vid-9dda3ff1-2b02-11db-a6e2-000e0c2e438a/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2006-2450/https://www.rapid7.com/db/vulnerabilities/suse-cve-2006-2450/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux
2006

RealVNC 4.1.0 – 4.1.1 (VNC Null Authentication) Vulnerability Scanners

This vulnerability allows an attacker to bypass authentication on RealVNC 4.1.0 - 4.1.1. The vulnerability is due to a lack of authentication when connecting to the VNC server. An attacker can exploit this vulnerability to gain access to the VNC server without authentication.

Mitigation:

Upgrade to the latest version of RealVNC.
Source

Exploit-DB raw data:

class101 - http://heapoverflow.com
RealVNC 4.1.0 - 4.1.1 (VNC Null Authentication) Vulnerability Scanners
---------------------------------------------------------------------
windows: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/1799-1.rar (05172006-VNC_bypauth-win32.rar)
linux: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/1799-2.rar (05172006-VNC_bypauth-linux.tar.gz)
comments: http://heapoverflow.com/viewtopic.php?p=1729
---------------------------------------------------------------------

# milw0rm.com [2006-05-17]

Navigation

Suggest Exploit

Services By CQR