PT-2006-3333 · Adder+2 · Adderlink Ip+2
Dane Bouchie
+1
·
Published
2006-05-15
·
Updated
2024-09-05
·
CVE-2006-2369
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
RealVNC version 4.1.1
AdderLink IP (affected versions not specified)
Cisco CallManager (affected versions not specified)
Description
The issue allows remote attackers to bypass authentication by specifying an insecure security type, such as
Type 1 - None, in a request, which is accepted even if it is not offered by the server. This can be achieved by using a long password.Recommendations
For RealVNC version 4.1.1, update to a version that does not accept insecure security types.
For AdderLink IP, restrict access to the VNC server until a fix is available.
For Cisco CallManager, consider disabling VNC access until the issue is resolved.
As a temporary workaround, consider configuring the server to only offer secure security types.
Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Adderlink Ip
Cisco Callmanager
Realvnc