CVE-2006-2369

Name of the Vulnerable Software and Affected Versions RealVNC version 4.1.1 AdderLink IP (affected versions not specified) Cisco CallManager (affected versions not specified)

Description The issue allows remote attackers to bypass authentication by specifying an insecure security type, such as Type 1 - None, in a request, which is accepted even if it is not offered by the server. This can be achieved by using a long password.

Recommendations For RealVNC version 4.1.1, update to a version that does not accept insecure security types. For AdderLink IP, restrict access to the VNC server until a fix is available. For Cisco CallManager, consider disabling VNC access until the issue is resolved. As a temporary workaround, consider configuring the server to only offer secure security types.