CVE-2006-2369

Published: 15/05/2006 Updated: 13/05/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 801
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote malicious users to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.

Vulnerable Product

vnc realvnc 4.1.1

Vendor Advisories

Debian Bug report logs - #376824: libvncserver: authentication bypass [CVE-2006-2450]. Package: libvncserver; Maintainer for libvncserver is Peter Spiess-Knafl <dev@spiessknafl.at>; Reported by: Martin Pitt <mpitt@debian.org>; Date: Wed, 5 Jul 2006 10:33:17 UTC; Severity: grave; Tags: security; Found in version libvncser ...

Exploits

This Metasploit module exploits an Authentication Bypass Vulnerability in RealVNC Server version 4.1.0 and 4.1.1. It sets up a proxy listener on LPORT and proxies to the target server. The AUTOVNC option requires that vncviewer be installed on the attacking machine. This option should be disabled for Pro ...
# Exploit Title: RealVNC 4.1.0 and 4.1.1 Authentication Bypass Exploit # Date: 2012-05-13 # Author: @fdiskyou # e-mail: rui at deniableorg # Version: 4.1.0 and 4.1.1 # Tested on: Windows XP # CVE: CVE-2006-2369 # Requires vncviewer installed # Basic port of hdmoore/msf2 perl version to python for fun and profit (ease of use) import select import ...
## # $Id: realvnc_41_bypass.rb 13641 2011-08-26 04:40:21Z bannedit $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # metasploit.com/framework/ ## require 'msf/core' ...
## # This file is part of the Metasploit Framework and may be redistributed # according to the licenses defined in the Authors field below. In the # case of an unknown or missing license, this file defaults to the same # license as the core Framework (dual GPLv2 and Artistic). The latest # version of the Framework can always be obtained from metasp ...
xx vnc-4_1_1-unixsrcbl4ck/common/rfb/CConnectioncxx --- vnc-4_1_1-unixsrc/common/rfb/CConnectioncxx 2005-03-11 09:08:41000000000 -0600 +++ vnc-4_1_1-unixsrcbl4ck/common/rfb/CConnectioncxx 2006-05-15 14:03:30000000000 -0500 @@ -183,7 +183,12 @@ // Inform the server of our decision if (secType != secTypeInvalid) { - os ...
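Review bot: this hunk in CConnection.cxx (line 183, inside `if (secType != secTypeInvalid)`) touches viewer-side code only, so it cannot enforce the check the summary calls for: the server has to reject any security type it did not offer. The excerpt is cut off after the removed line beginning `os`, so the added lines cannot be reviewed from what is shown.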

Nmap Scripts

realvnc-auth-bypass

Checks if a VNC server is vulnerable to the RealVNC authentication bypass (CVE-2006-2369).

nmap -sV --script=realvnc-auth-bypass <target>

PORT     STATE SERVICE VERSION
5900/tcp open  vnc     VNC (protocol 3.8)
| realvnc-auth-bypass:
|   VULNERABLE:
|   RealVNC 4.1.0 - 4.1.1 Authentication Bypass
|     State: VULNERABLE
|     IDs:  CVE:CVE-2006-2369
|     Risk factor: High  CVSSv2: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
|       RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and
|       Cisco CallManager, allows remote attackers to bypass authentication via a
|       request in which the client specifies an insecure security type such as
|       "Type 1 - None", which is accepted even if it is not offered by the server.
|     Disclosure date: 2006-05-08
|     References:
|       http://www.intelliadmin.com/index.php/2006/05/security-flaw-in-realvnc-411/
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2369

Github Repositories

Autosploit = Automating Metasploit Modules.

Autosploit = Automating Metasploit Modules. Execute MSF Modules on a target machine: MS08_067, MS17_010, MS03_026, MS12_020, MS10_061, MS09_050, MS06_040, MS05_039, MS12_020, OSVDB-73573, CVE-2017-5689, CVE-2012-1823, CVE-2006-2369, CVE-2009-3843; SMB Session Pipe Auditor; Gathering GPP Saved Passwords; Checks for multiple auxiliary modules; Execute MSF Modules on a target machine if applicati

A simple ruby tool to automate metasploit modules

autosploit: A simple ruby tool to automate metasploit modules. Installation: git clone github.com/krishpranav/autosploit; cd autosploit; bash autosploit.sh. Execute MSF Modules on a target machine: MS08_067, MS17_010, MS03_026, MS12_020, MS10_061, MS09_050, MS06_040, MS05_039, MS12_020, OSVDB-73573, CVE-2017-5689, CVE-2012-1823, CVE-2006-2369, CVE-

References