mirror of
https://github.com/0xMarcio/cve.git
synced 2026-06-01 11:01:35 +02:00
0xMarcio
1.2 KiB
1.2 KiB
CVE-2006-2369
Description
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
POC
Reference
- http://seclists.org/fulldisclosure/2022/May/29
- http://seclists.org/fulldisclosure/2022/May/29
- http://securityreason.com/securityalert/8355
- http://securityreason.com/securityalert/8355
- http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html
- http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html