CVE - CVE-2006-2369

CVE-ID
CVE-2006-2369	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1016083 URL:http://securitytracker.com/id?1016083 MISC:17978 URL:http://www.securityfocus.com/bid/17978 MISC:20060515 Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise URL:http://www.securityfocus.com/archive/1/434015/100/0/threaded MISC:20060515 RealVNC 4.1.1 Remote Compromise URL:http://marc.info/?l=full-disclosure&m=114768344111131&w=2 MISC:20060515 RealVNC 4.1.1 Remote Compromise URL:http://www.securityfocus.com/archive/1/433994/100/0/threaded MISC:20060516 re: RealVNC 4.1.1 Remote Compromise URL:http://www.securityfocus.com/archive/1/434117/100/0/threaded MISC:20060518 RE: [Full-disclosure] RealVNC 4.1.1 Remote Compromise URL:http://www.securityfocus.com/archive/1/434518/100/0/threaded MISC:20060520 Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise URL:http://www.securityfocus.com/archive/1/434560/100/0/threaded MISC:20060622 RealVNC Remote Authentication Bypass Vulnerability URL:http://www.cisco.com/warp/public/707/cisco-sr-20060622-cmm.shtml MISC:20060623 Linux VNC evil client patch - BID 17978 URL:http://www.securityfocus.com/archive/1/438175/100/0/threaded MISC:20060624 Re: Linux VNC evil client patch - BID 17978 URL:http://www.securityfocus.com/archive/1/438368/100/0/threaded MISC:20107 URL:http://secunia.com/advisories/20107 MISC:20109 URL:http://secunia.com/advisories/20109 MISC:20220513 some details regarding CVE-2022-24422 / iDRAC VNC authentication URL:http://seclists.org/fulldisclosure/2022/May/29 MISC:20789 URL:http://secunia.com/advisories/20789 MISC:25479 URL:~~http://www.osvdb.org/25479~~ (Obsolete source) MISC:8355 URL:http://securityreason.com/securityalert/8355 MISC:ADV-2006-1790 URL:~~http://www.vupen.com/english/advisories/2006/1790~~ (Obsolete source) MISC:ADV-2006-1821 URL:~~http://www.vupen.com/english/advisories/2006/1821~~ (Obsolete source) MISC:ADV-2006-2492 URL:~~http://www.vupen.com/english/advisories/2006/2492~~ (Obsolete source) MISC:VU#117929 URL:http://www.kb.cert.org/vuls/id/117929 MISC:[vnc-list] 20060513 Version 4.1.2 URL:http://marc.info/?l=vnc-list&m=114755444130188&w=2 MISC:http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html URL:http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html MISC:http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html URL:http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html MISC:http://www.realvnc.com/products/free/4.1/release-notes.html URL:http://www.realvnc.com/products/free/4.1/release-notes.html MISC:realvnc-auth-bypass(26445) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26445
Assigning CNA
Red Hat, Inc.
Date Record Created
20060515	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060515)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)