CVE-2006-2369

 

Published at: - 15-05-2006 06:06

Last modified: - 13-05-2022 08:15

Total changes: - 2

Description

RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:P/A:P

 

Verification logic

 

Reference

• http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html
• http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html
• http://www.realvnc.com/products/free/4.1/release-notes.html
• VU#117929-Patch, Third Party Advisory, US Government Resource
• 17978-Exploit, Patch
• 1016083-Exploit, Patch
• 20107-Patch, Vendor Advisory
• 20109-Patch, Vendor Advisory
• 25479-
• 20060622 RealVNC Remote Authentication Bypass Vulnerability-
• 20789-Vendor Advisory
• ADV-2006-1790-Vendor Advisory
• ADV-2006-2492-Vendor Advisory
• ADV-2006-1821-Vendor Advisory
• 8355-
• [vnc-list] 20060513 Version 4.1.2-
• 20060515 RealVNC 4.1.1 Remote Compromise-
• realvnc-auth-bypass(26445)-
• 20060624 Re: Linux VNC evil client patch - BID 17978-
• 20060623 Linux VNC evil client patch - BID 17978-
• 20060520 Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise-
• 20060518 RE: [Full-disclosure] RealVNC 4.1.1 Remote Compromise-
• 20060516 re: RealVNC 4.1.1 Remote Compromise-
• 20060515 Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise-
• 20060515 RealVNC 4.1.1 Remote Compromise-
• 20220513 some details regarding CVE-2022-24422 / iDRAC VNC authentication-

 

Keywords

NVD

 

CVE-2006-2369

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures