Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2006-2369 | First vendor Publication | 2006-05-15 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2369 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-287 | Improper Authentication |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
ExploitDB Exploits
| id | Description |
|---|---|
| 2011-08-26 | RealVNC Authentication Bypass |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-04 | Name : FreeBSD Ports: vnc File : nvt/freebsd_vnc.nasl |
| 2008-09-04 | Name : FreeBSD Ports: x11vnc File : nvt/freebsd_x11vnc.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 25479 | RealVNC Security Type Enforcement Failure Remote Authentication Bypass RealVNC contains a flaw that may allow a malicious user to bypass authentication and allows access to the remote system without requiring knowledge of the VNC password. The issue is triggered due to an error within the handling of VNC password authentication requests. This flaw may lead to a loss of confidentiality. |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2006-06-01 | IAVM : 2006-T-0013 - RealVNC Remote Authentication Bypass Vulnerability Severity : Category I - VMSKEY : V0011805 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | RealVNC password authentication bypass attempt RuleID : 6471 - Revision : 13 - Type : SERVER-OTHER |
| 2014-01-10 | RealVNC server authentication version array check RuleID : 13880 - Revision : 3 - Type : EXPLOIT |
| 2014-01-10 | RealVNC server authentication bypass attempt RuleID : 13612 - Revision : 5 - Type : EXPLOIT |
| 2014-01-10 | RealVNC client response RuleID : 13611 - Revision : 5 - Type : EXPLOIT |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-05-19 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4645b98ce46e11da9ae700123fcc6e5c.nasl - Type : ACT_GATHER_INFO |
| 2006-05-15 | Name : The remote VNC server is affected by multiple authentication bypass vulnerabi... File : realvnc_auth_bypass.nasl - Type : ACT_ATTACK |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:20:30 |
|
| 2024-11-28 12:08:56 |
|
| 2022-05-14 00:28:17 |
|
| 2021-05-04 12:04:02 |
|
| 2021-04-22 01:04:35 |
|
| 2020-05-23 13:16:47 |
|
| 2020-05-23 00:17:47 |
|
| 2018-10-18 21:20:07 |
|
| 2017-07-20 09:23:35 |
|
| 2016-10-18 12:01:59 |
|
| 2016-06-28 15:47:06 |
|
| 2016-04-26 14:37:24 |
|
| 2016-02-29 09:25:42 |
|
| 2016-02-29 05:24:25 |
|
| 2014-02-17 10:35:50 |
|
| 2014-01-19 21:23:18 |
|
| 2013-11-11 12:37:36 |
|
| 2013-05-11 10:57:01 |
|
