CVE-2006-2369 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-2369
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-2369

Description: RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26445 ST 1016083 SAID Secunia Advisory: SA20789 Secunia Advisory: SA20107 Secunia Advisory: SA20109 OSVDB 25479 MLIST http://marc.theaimsgroup.com/?l=vnc-list&m=114755444130188&w=2 MISC http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html FULLDISC http://marc.theaimsgroup.com/?l=full-disclosure&m=114768344111131&w=2 CONFIRM http://www.realvnc.com/products/free/4.1/release-notes.html CISCO http://www.cisco.com/warp/public/707/cisco-sr-20060622-cmm.shtml CERT-VN 117929 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/434015/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/433994/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/438368/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/438175/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/434560/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/434518/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/434117/100/0/threaded BID 17978

Return to the previous page.