CVE-2006-2369
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
Affected products
n/a · n/a
Public PoCs found: 4
exploitdb: www.exploit-db.com/exploits/1791 (unverified)
exploitdb: www.exploit-db.com/exploits/1794 (unverified)
exploitdb: www.exploit-db.com/exploits/17719 (unverified)
exploitdb: www.exploit-db.com/exploits/36932 (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://marc.info/?l=full-disclosure&m=114768344111131&w=2
http://marc.info/?l=vnc-list&m=114755444130188&w=2
http://seclists.org/fulldisclosure/2022/May/29
http://secunia.com/advisories/20107
http://secunia.com/advisories/20109
http://secunia.com/advisories/20789
http://securityreason.com/securityalert/8355
http://securitytracker.com/id?1016083
https://exchange.xforce.ibmcloud.com/vulnerabilities/26445
http://www.cisco.com/warp/public/707/cisco-sr-20060622-cmm.shtml
http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html
http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html