7.5
CVSSv2

CVE-2006-2369

Published: 15/05/2006 Updated: 21/11/2024

Vulnerability Summary

RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote malicious users to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vnc realvnc 4.1.1

Vendor Advisories

Debian Bug report logs - #376824 libvncserver: authentication bypass [CVE-2006-2450] Package: libvncserver; Maintainer for libvncserver is Peter Spiess-Knafl <dev@spiessknaflat>; Reported by: Martin Pitt <mpitt@debianorg> Date: Wed, 5 Jul 2006 10:33:17 UTC Severity: grave Tags: security Found in version libvncser ...

Exploits

This Metasploit module exploits an Authentication Bypass Vulnerability in RealVNC Server version 410 and 411 It sets up a proxy listener on LPORT and proxies to the target server The AUTOVNC option requires that vncviewer be installed on the attacking machine This option should be disabled for Pro ...
# Exploit Title: RealVNC 410 and 411 Authentication Bypass Exploit # Date: 2012-05-13 # Author: @fdiskyou # e-mail: rui at deniableorg # Version: 410 and 411 # Tested on: Windows XP # CVE: CVE-2006-2369 # Requires vncviewer installed # Basic port of hdmoore/msf2 perl version to python for fun and profit (ease of use) import select import ...
## # This file is part of the Metasploit Framework and may be redistributed # according to the licenses defined in the Authors field below In the # case of an unknown or missing license, this file defaults to the same # license as the core Framework (dual GPLv2 and Artistic) The latest # version of the Framework can always be obtained from metasp ...
xx vnc-4_1_1-unixsrcbl4ck/common/rfb/CConnectioncxx --- vnc-4_1_1-unixsrc/common/rfb/CConnectioncxx 2005-03-11 09:08:41000000000 -0600 +++ vnc-4_1_1-unixsrcbl4ck/common/rfb/CConnectioncxx 2006-05-15 14:03:30000000000 -0500 @@ -183,7 +183,12 @@ // Inform the server of our decision if (secType != secTypeInvalid) { - os ...
## # $Id: realvnc_41_bypassrb 13641 2011-08-26 04:40:21Z bannedit $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' ...

Mailing Lists

Hi, On Fri, Aug 02, 2024 at 02:46:48PM +0000, Dane Bouchie wrote: FTR, this issue has the following CVE assigned: wwwcveorg/CVERecord?id=CVE-2024-42458 Regards, Salvatore ...
This issue is basically CVE-2006-2369 On Aug 2, 2024 10:41 AM, Dane Bouchie <dbouchie () iradimed com> wrote: The client chooses the security type, so they can pass in "None" to the switch statement is_allowed_security_type() now prevents that Dane Bouchie | Software Engineer dbouchie () iradimed com | P 4076778022, 170 1025 Willa Spri ...

Nmap Scripts

realvnc-auth-bypass

Checks if a VNC server is vulnerable to the RealVNC authentication bypass (CVE-2006-2369).

nmap -sV --script=realvnc-auth-bypass <target>

PORT STATE SERVICE VERSION 5900/tcp open vnc VNC (protocol 3.8) | realvnc-auth-bypass: | VULNERABLE: | RealVNC 4.1.0 - 4.1.1 Authentication Bypass | State: VULNERABLE | IDs: CVE:CVE-2006-2369 | Risk factor: High CVSSv2: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) | RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and | Cisco CallManager, allows remote attackers to bypass authentication via a | request in which the client specifies an insecure security type such as | "Type 1 - None", which is accepted even if it is not offered by the server. | Disclosure date: 2006-05-08 | References: | http://www.intelliadmin.com/index.php/2006/05/security-flaw-in-realvnc-411/ |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2369
realvnc-auth-bypass

Checks if a VNC server is vulnerable to the RealVNC authentication bypass (CVE-2006-2369).

nmap -sV --script=realvnc-auth-bypass <target>

PORT STATE SERVICE VERSION 5900/tcp open vnc VNC (protocol 3.8) | realvnc-auth-bypass: | VULNERABLE: | RealVNC 4.1.0 - 4.1.1 Authentication Bypass | State: VULNERABLE | IDs: CVE:CVE-2006-2369 | Risk factor: High CVSSv2: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) | RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and | Cisco CallManager, allows remote attackers to bypass authentication via a | request in which the client specifies an insecure security type such as | "Type 1 - None", which is accepted even if it is not offered by the server. | Disclosure date: 2006-05-08 | References: | http://www.intelliadmin.com/index.php/2006/05/security-flaw-in-realvnc-411/ |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2369

Github Repositories

A simple ruby tool to automate metasploit modules

autosploit A simple ruby tool to automate metasploit modules Installation git clone githubcom/krishpranav/autosploit cd autosploit bash autosploitsh Execute MSF Modules on a target machine MS08_067 MS17_010 MS03_026 MS12_020 MS10_061 MS09_050 MS06_040 MS05_039 MS12_020 OSVDB-73573 CVE-2017-5689 CVE-2012-1823 CVE-2006-2369 CVE-

Autosploit = Automating Metasploit Modules.

Autosploit = Automating Metasploit Modules Execute MSF Modules on a target machine MS08_067 MS17_010 MS03_026 MS12_020 MS10_061 MS09_050 MS06_040 MS05_039 MS12_020 OSVDB-73573 CVE-2017-5689 CVE-2012-1823 CVE-2006-2369 CVE-2009-3843 SMB Session Pipe Auditor Gathering GPP Saved Passwords Checks for multiple auxiliary modules Execute MSF Modules on a target machine if applicati