CVE-2006-2369
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
Affected products
n/a · n/a
Public PoCs found: 4
exploitdb: www.exploit-db.com/exploits/1791 (unverified)
exploitdb: www.exploit-db.com/exploits/1794 (unverified)
exploitdb: www.exploit-db.com/exploits/17719 (unverified)
exploitdb: www.exploit-db.com/exploits/36932 (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://marc.info/?l=full-disclosure&m=114768344111131&w=2
http://marc.info/?l=vnc-list&m=114755444130188&w=2
http://seclists.org/fulldisclosure/2022/May/29
http://secunia.com/advisories/20107
http://secunia.com/advisories/20109
http://secunia.com/advisories/20789
http://securityreason.com/securityalert/8355
http://securitytracker.com/id?1016083
https://exchange.xforce.ibmcloud.com/vulnerabilities/26445
http://www.cisco.com/warp/public/707/cisco-sr-20060622-cmm.shtml
http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html
http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html