Red Hat · Libvirt · CVE-2016-5008
**Name of the Vulnerable Software and Affected Versions**
libvirt versions prior to 2.0.0
**Description**
The issue allows remote attackers to bypass authentication and establish a VNC session by connecting to the server when the password on a VNC server is set to an empty string.
**Recommendations**
For versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider setting a non-empty password for the VNC server to prevent unauthorized access.