Travis Wise

**Name of the Vulnerable Software and Affected Versions** Neat VNC versions prior to 0.8.1 **Description** The issue is related to a flaw in the authentication procedure of the server.c file in the Neat VNC server library, which allows remote access to computers. This flaw can be exploited by a remote attacker to bypass existing security restrictions. The problem is associated with the improper validation of the security type. **Recommendations** For versions prior to 0.8.1, update to version 0.8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the server.c file or implementing additional security measures to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RealVNC version 4.1.1 AdderLink IP (affected versions not specified) Cisco CallManager (affected versions not specified) **Description** The issue allows remote attackers to bypass authentication by specifying an insecure security type, such as `Type 1 - None`, in a request, which is accepted even if it is not offered by the server. This can be achieved by using a long password. **Recommendations** For RealVNC version 4.1.1, update to a version that does not accept insecure security types. For AdderLink IP, restrict access to the VNC server until a fix is available. For Cisco CallManager, consider disabling VNC access until the issue is resolved. As a temporary workaround, consider configuring the server to only offer secure security types.