RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
References
Configurations
History
13 May 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2006-05-15 16:06
Updated : 2024-02-04 16:52
NVD link : CVE-2006-2369
Mitre link : CVE-2006-2369
CVE.ORG link : CVE-2006-2369
JSON object : View
Products Affected
vnc
- realvnc
CWE
CWE-287
Improper Authentication