QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2006-2369

Back to search

CVE-2006-2369

Published: May 15, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.

VendorProductVersions

n/a

n/a

affected
n/a

References

8355
third-party-advisory
x_refsource_SREASON
ADV-2006-2492
vdb-entry
x_refsource_VUPEN
20107
third-party-advisory
x_refsource_SECUNIA
20060516 re: RealVNC 4.1.1 Remote Compromise
mailing-list
x_refsource_BUGTRAQ
20060515 RealVNC 4.1.1 Remote Compromise
mailing-list
x_refsource_FULLDISC
VU#117929
third-party-advisory
x_refsource_CERT-VN
1016083
vdb-entry
x_refsource_SECTRACK
ADV-2006-1821
vdb-entry
x_refsource_VUPEN
realvnc-auth-bypass(26445)
vdb-entry
x_refsource_XF
20060515 RealVNC 4.1.1 Remote Compromise
mailing-list
x_refsource_BUGTRAQ
17978
vdb-entry
x_refsource_BID
25479
vdb-entry
x_refsource_OSVDB
20109
third-party-advisory
x_refsource_SECUNIA
[vnc-list] 20060513 Version 4.1.2
mailing-list
x_refsource_MLIST
ADV-2006-1790
vdb-entry
x_refsource_VUPEN
20789
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now