On Saturday 27 May 2006 04:59, Taco Scargo wrote:
> It appears someone hacked my vnc password at home (or broke into my house)
> and sent the email with the rude dutch language in it to this mailing list.
> I apologize this happened. I have shutdown my pc at home so the person is
> unable to connect anymore.
<quote from ISS>
Internet Security Systems Security Brief
May 25, 2006
RealVNC Authentication Bypass
Summary:
During the second week of May, a RealVNC vulnerability was publicly
announced. This issue allows a remote attacker to obtain access to a
vulnerable system without authentication.
This week, our researchers detected active exploitation. This exploitation
indicates that attackers are connecting to vulnerable servers and gaining
unauthorized access (not simply probes for the vulnerability).
Description:
RealVNC Free Edition, Personal Edition, and Enterprise Edition could allow a
remote attacker to bypass authentication and gain unauthorized access to the
system. This is caused by the improper validation of the client
authentication method which could allow an attacker to successfully
authenticate to an affected system using the null authentication method.
</quote>
--
Larry Smith
SysAd ECSIS.NET
sysad (at mark) ecsis.net