HeapOverflow Computer Security Community & Forums : Heap Overflow.com - View Single Post - RealVNC4/WinVNC4 vulnerabilities

Thread: RealVNC4/WinVNC4 vulnerabilities

View Single Post

#34 (permalink)

Old

04-10-05

thetrooper thetrooper is offline

thetrooper is offline

Junior Member

Join Date: Aug 2005

Posts: 5

Thanks: 0

Thanked 0 Times in 0 Posts

Rep Power: 6

thetrooper is on a distinguished road

Default

Quote:

Originally Posted by class101

NULL Session = blank password...

i think it isn't correct
i've installed a vnc server on a pc
then set the password to blank
i confirmed a "session with authentication but no password" (vnc version 4.1.1. free edition)
it's the default choice, if i want to allow NULL session i must select it from the installation menu

this is the result of the scan:

=============================================[rev-1.0.7RC1]==
==============DFind - #1 Tiny Security Scanner===============
============multi-threaded for Linux and Windows=============
================================================== ===========
VNC4 systems vulnerability scanner
================================================== ===========

[+] status..: 100% thread(s):1 192.168.0.2:5900 vnc4 passwd (free ed. win32)
[+] status..: 100% thread(s):0 [+] status..: 100% thread(s):0
[+] results.: 0 / 1 IP(s) (open:1 vnc:1 passwd:1)

so i think that an user can set a blank password but keep safe from an attack

however it's a good scanner

Reply With Quote