-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"RealVNC4 NULL Session" means "no authentication" and there are tons of vnc using this UNsecured option.
as in my scan Radmin21 NULL Session means also "no authentication", but they removed it in radmin22, do the same, because in some days, isc sans is gonna cry on 5900 :)

there is no ssl? well I have used what is returning many vnc on the internet, and on some I got:

"RFB 103 006 the connection could not be established because SSL 3.0/TLS 1.0 encryption is required"

prolly a mod from your src code, anyway thanx for letting me know :)

James Weatherall wrote:

> "Class101",
>
> VNC has always provided the option to operate without requiring
> authentication, there is no such thing as a "RealVNC4 NULL
> Session", and VNC has never used SSL encryption, so I'm afraid it
> sounds like someone's been telling you porkies!
>
> The output that you've included just seems to show that (assuming
> "passworded" means "was able to guess password") your VNC Servers
> have been configured with poorly chosen passwords.
>
> Of course, if you think you know of any viable attacks on VNC
> servers then feel free to get in touch.
>
> Cheers,
>
> Wez @ RealVNC Ltd.
>
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
>> Sent: 19 June 2005 15:35
>> To: [email protected]
>> Cc: Full-Disclosure
>> Subject: RealVNC/WinVNC Multiple vulnerabilities
>>
> Two simple vulnerabilities which may lead to an os guess + null
> session + several other infos while scanning port 5900, low risk
> on paper but high online risk:
>
> My 2cent suggestion to the realvnc team would be to totally remove
> this "No Authentication" option which wasn't present in the oldold
> winvnc, and to standardize what is answering all your servers to
> restrict the private information guessing.
>
>
> quick screenshot (of a simple dfind scanning test on a range that I
> thought really secured :>):
>
> ***.7.41:5900 realvnc4 ssl encryption
> ***.16.83:5900 realvnc4 passworded (free ed. win32)
> ***.16.91:5900 realvnc4 passworded (free ed. win32)
> ***.16.113:5900 realvnc4 passworded (free ed. win32)
> ***.16.163:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> ***.16.180:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> ***.16.202:5900 RealVNC4 NULL Session (free ed. x86/SPARC/HPUX)
> ***.16.237:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> ***.22.217:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> ***.29.91:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> ***.29.92:5900 RealVNC4 NULL Session (perso/enterp ed. win32 encryption:OFF)
> ***.29.93:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> ***.29.157:5900 realvnc4 passworded (perso/enterp ed. win32 encryption:OFF)
> ***.29.201:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> ***.29.234:5900 realvnc4 passworded (free ed. win32)
> ***.35.45:5900 realvnc4 passworded (perso/enterp ed. win32 encryption:ON)
> ***.40.192:5900 RealVNC4 NULL Session (perso/enterp ed. win32 encryption:ON)
>
> If you are seeking more information and you are from
> @realvnc.com, email me, or else look at class101.org and
> hat-squad.com
> _______________________________________________
> VNC-List mailing list
> [email protected]
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)

iD8DBQFCts2YLyZ8K9aT7rARAjCQAJ9U+WkUZhmhu8y5PMy+Z2i5BdSq1ACgrBtJ
QJyzlyB5AvLPXnhJ/a/9SPw=
=Ueg2
-----END PGP SIGNATURE-----
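
The "no authentication" option discussed in this thread is visible in the RFB handshake as security type 1 ("None"). The following is an added example, not part of the original messages or RealVNC's code: it parses the security message a server sends after the version exchange, using the layout from the RFB specification (RFC 6143), so an administrator can check from a capture of their own server whether it offers that type. The function names and the sample bytes are constructed for illustration.

```python
import struct
# Security-type numbers defined by the RFB specification (RFC 6143).
NAMES = {1: "None", 2: "VNC Authentication"}

def _reason(buf):  # U32 big-endian length, then the reason text
    if len(buf) < 4:
        raise ValueError("truncated reason length")
    (n,) = struct.unpack(">I", buf[:4])
    if len(buf) < 4 + n:
        raise ValueError("truncated reason text")
    return buf[4:4 + n].decode("latin-1")

def parse_security(data, minor):
    """Return (offered_types, failure_reason) for negotiated RFB 3.<minor>."""
    if minor >= 7:  # 3.7/3.8: U8 count, then one U8 per offered type
        if not data:
            raise ValueError("empty security message")
        count = data[0]
        if count == 0:
            return [], _reason(data[1:])
        types = list(data[1:1 + count])
        if len(types) != count:
            raise ValueError("truncated security-type list")
        return types, None
    if len(data) < 4:  # 3.3: the server picks one type, sent as a U32
        raise ValueError("truncated security type")
    (chosen,) = struct.unpack(">I", data[:4])
    if chosen == 0:
        return [], _reason(data[4:])
    return [chosen], None

def audit(data, minor):
    """Summarise what a server offers before any credentials are sent."""
    types, reason = parse_security(data, minor)
    if reason is not None:
        return "refused: " + reason
    if 1 in types:
        return "no authentication offered"
    return "authentication required: " + ", ".join(
        NAMES.get(t, "type %d" % t) for t in types)

# Constructed sample messages (not captured from any real server).
SAMPLES = [
    (b"\x02\x01\x02", 8),  # offers None and VNC Authentication
    (b"\x01\x02", 8),      # offers VNC Authentication only
    (b"\x00\x00\x00\x00\x16encryption is required", 8),  # refusal
]
for msg, minor in SAMPLES:
    print(audit(msg, minor))
```
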
