// For flags

CVE-2006-2369

RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Bypass

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

7
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.

RealVNC 4.1.1 y otros productos que usan RealVNC tales como AdderLink IP y Cisco CallManager, permite a atacantes remotos eludir autenticación a través de una petición en la que el cliente especifica un tipo de seguridad insegura como "Type 1 - None", que es aceptada incluso si no es ofrecida por el servidor, como se demuestra originalmente usando una contraseña larga.

Detect VNC servers that support the "None" authentication method.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-05-15 CVE Reserved
  • 2006-05-15 CVE Published
  • 2006-05-15 First Exploit
  • 2024-08-07 CVE Updated
  • 2024-09-03 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-287: Improper Authentication
CAPEC
References (32)
URL Tag Source
http://marc.info/?l=full-disclosure&m=114768344111131&w=2 Mailing List
http://marc.info/?l=vnc-list&m=114755444130188&w=2 Mailing List
http://seclists.org/fulldisclosure/2022/May/29 Mailing List
http://securityreason.com/securityalert/8355 Third Party Advisory
http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html X_refsource_misc
http://www.osvdb.org/25479 Vdb Entry
http://www.securityfocus.com/archive/1/433994/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/434015/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/434117/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/434518/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/434560/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/438175/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/438368/100/0/threaded Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/26445 Vdb Entry
https://en.wikipedia.org/wiki/RFB
https://en.wikipedia.org/wiki/Vnc
URL Date SRC
https://www.exploit-db.com/exploits/1791 2006-05-16
https://www.exploit-db.com/exploits/1794 2006-05-15
https://www.exploit-db.com/exploits/36932 2012-05-13
https://www.exploit-db.com/exploits/17719 2011-08-26
http://securitytracker.com/id?1016083 2024-08-07
http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html 2024-08-07
http://www.securityfocus.com/bid/17978 2024-08-07
URL Date SRC
http://secunia.com/advisories/20107 2022-05-13
http://secunia.com/advisories/20109 2022-05-13
http://www.kb.cert.org/vuls/id/117929 2022-05-13
http://www.realvnc.com/products/free/4.1/release-notes.html 2022-05-13
URL Date SRC
http://secunia.com/advisories/20789 2022-05-13
http://www.cisco.com/warp/public/707/cisco-sr-20060622-cmm.shtml 2022-05-13
http://www.vupen.com/english/advisories/2006/1790 2022-05-13
http://www.vupen.com/english/advisories/2006/1821 2022-05-13
http://www.vupen.com/english/advisories/2006/2492 2022-05-13
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vnc
Search vendor "Vnc"
 Realvnc
Search vendor "Vnc" for product "Realvnc"
 4.1.1
Search vendor "Vnc" for product "Realvnc" and version "4.1.1"
-
Affected