CVE-2006-2369
RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
9Exploited in Wild
-Decision
Descriptions
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
RealVNC 4.1.1 y otros productos que usan RealVNC tales como AdderLink IP y Cisco CallManager, permite a atacantes remotos eludir autenticación a través de una petición en la que el cliente especifica un tipo de seguridad insegura como "Type 1 - None", que es aceptada incluso si no es ofrecida por el servidor, como se demuestra originalmente usando una contraseña larga.
Detect VNC servers that support the "None" authentication method.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-05-15 CVE Reserved
- 2006-05-15 CVE Published
- 2006-05-15 First Exploit
- 2024-08-07 CVE Updated
- 2025-06-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (33)
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/180978 | 2024-09-01 | |
| https://packetstorm.news/files/id/104471 | 2011-08-26 | |
| https://www.exploit-db.com/exploits/1791 | 2006-05-16 | |
| https://www.exploit-db.com/exploits/1794 | 2006-05-15 | |
| https://www.exploit-db.com/exploits/36932 | 2012-05-13 | |
| https://www.exploit-db.com/exploits/17719 | 2011-08-26 | |
| http://securitytracker.com/id?1016083 | 2024-08-07 | |
| http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html | 2024-08-07 | |
| http://www.securityfocus.com/bid/17978 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/20107 | 2022-05-13 | |
| http://secunia.com/advisories/20109 | 2022-05-13 | |
| http://www.kb.cert.org/vuls/id/117929 | 2022-05-13 | |
| http://www.realvnc.com/products/free/4.1/release-notes.html | 2022-05-13 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/20789 | 2022-05-13 | |
| http://www.cisco.com/warp/public/707/cisco-sr-20060622-cmm.shtml | 2022-05-13 | |
| http://www.vupen.com/english/advisories/2006/1790 | 2022-05-13 | |
| http://www.vupen.com/english/advisories/2006/1821 | 2022-05-13 | |
| http://www.vupen.com/english/advisories/2006/2492 | 2022-05-13 |