Vulnerability Note VU#117929
RealVNC Server does not validate client authentication method
The RealVNC Server fails to properly authenticate clients. This may allow a remote attacker to bypass authentication and gain access to the VNC server.
The Virtual Network Computing (VNC) Protocol
According to RealVNC, "The VNC protocol is a simple protocol for remote access to graphical user interfaces."
A remote, unauthenticated attacker could gain access to a system running RealVNC server. If the RealVNC server runs with administrative privileges, the attacker could gain complete control of the system.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|RealVNC||Affected||-||16 May 2006|
|Red Hat, Inc.||Not Affected||-||17 May 2006|
CVSS Metrics (Learn More)
This vulnerability was reported by James Evans.
This document was written by Jeff Gennari.
- CVE IDs: Unknown
- Date Public: 15 May 2006
- Date First Published: 16 May 2006
- Date Last Updated: 26 Feb 2008
- Severity Metric: 30.49
- Document Revision: 47
If you have feedback, comments, or additional information about this vulnerability, please send us email.