This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects the VNC client requesting NULL authentication when the VNC server does not support NULL authentication.
RealVNC (Virtual Network Computing) allows users to access remote computers for administration purposes.
RealVNC is susceptible to an authentication bypass vulnerability. This issue is due to a flaw in the authentication process of the affected package.
During the initial handshake and authentication process, the VNC server sends the client a list of the authentication methods it supports. The client chooses a method and returns a byte specifying the method it wishes to continue with. The flaw arises because the server does not properly validate that the method the client requests is actually one of the methods the server allows.
This issue allows remote attackers to request an anonymous authentication method, which will be incorrectly accepted by the server. This allows them to gain full control of the VNC server session.
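The condition this signature looks for can be expressed as a check over the two halves of a reassembled handshake. The following is an added example, not the signature's own logic or RealVNC code; it assumes the RFB 3.7/3.8 layout (12-byte version string, then a count byte and the list of security types from the server, then one selection byte from the client) and the RFB specification's value 1 for the "None" type, which is what this page calls NULL or anonymous authentication. The function names and sample streams are constructed for illustration.

```python
# Added example: flag an RFB security-type selection the server never offered.
# Layout assumed from the RFB 3.7/3.8 handshake; sample bytes are constructed.
SEC_NONE = 1       # RFB security type "None" (no authentication)
VERSION_LEN = 12   # length of a version string such as b"RFB 003.008\n"


def parse_offered(server_stream: bytes) -> list:
    """Return the security types the server advertised after its version string."""
    if len(server_stream) <= VERSION_LEN or not server_stream.startswith(b"RFB "):
        raise ValueError("not an RFB server handshake")
    count = server_stream[VERSION_LEN]
    if count == 0:
        raise ValueError("server refused the connection (zero security types)")
    types = server_stream[VERSION_LEN + 1:VERSION_LEN + 1 + count]
    if len(types) != count:
        raise ValueError("truncated security-type list")
    return list(types)


def parse_selected(client_stream: bytes) -> int:
    """Return the selection byte the client sent after its version string."""
    if len(client_stream) <= VERSION_LEN or not client_stream.startswith(b"RFB "):
        raise ValueError("not an RFB client handshake")
    return client_stream[VERSION_LEN]


def classify(server_stream: bytes, client_stream: bytes) -> str:
    """Classify one handshake as 'ok', 'unoffered-type' or 'unoffered-none'."""
    offered = parse_offered(server_stream)
    selected = parse_selected(client_stream)
    if selected in offered:
        return "ok"
    # The signature's condition: None requested although the server did not list it.
    return "unoffered-none" if selected == SEC_NONE else "unoffered-type"


# Constructed sample streams (not captured traffic).
SERVER_VNCAUTH_ONLY = b"RFB 003.008\n" + bytes([1, 2])     # offers type 2 only
SERVER_NONE_ALLOWED = b"RFB 003.008\n" + bytes([2, 1, 2])  # offers types 1 and 2
CLIENT_PICKS_VNCAUTH = b"RFB 003.008\n" + bytes([2])
CLIENT_PICKS_NONE = b"RFB 003.008\n" + bytes([1])

if __name__ == "__main__":
    for name, srv, cli in [("normal", SERVER_VNCAUTH_ONLY, CLIENT_PICKS_VNCAUTH),
                           ("mismatch", SERVER_VNCAUTH_ONLY, CLIENT_PICKS_NONE),
                           ("none offered", SERVER_NONE_ALLOWED, CLIENT_PICKS_NONE)]:
        print(name, "->", classify(srv, cli))
```

The same membership test, applied by the server to the byte it receives before continuing the handshake, is the validation the vulnerable server omits.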
Exploiting this issue allows attackers to gain unauthenticated, remote access to VNC servers. RealVNC version 4.1.1 is vulnerable to this issue; other versions may also be affected.
- RealVNC RealVNC 4.1.1
- RealVNC RealVNC Enterprise Edition
- RealVNC RealVNC Personal Edition