RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
References
Configurations
History
No history.
Information
Published : 2006-05-15 16:06
Updated : 2024-02-28 10:42
NVD link : CVE-2006-2369
Mitre link : CVE-2006-2369
CVE.ORG link : CVE-2006-2369
JSON object : View
Products Affected
vnc
- realvnc
CWE
CWE-287
Improper Authentication