FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vnc -- authentication bypass vulnerability

Affected packages
vnc = 4.1.1

Details

VuXML ID 4645b98c-e46e-11da-9ae7-00123fcc6e5c
Discovery 2006-05-15
Entry 2006-05-18

RealVNC is susceptible to an authentication-bypass vulnerability. A malicious VNC client can cause a VNC server to allow it to connect without any authentication regardless of the authentication settings configured in the server. Exploiting this issue allows attackers to gain unauthenticated, remote access to the VNC servers.

References

Bugtraq ID 17978
Message http://www.securityfocus.com/archive/1/433994/30/0/threaded

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.