[nexpose-users] Bug Report - VNC Null Authentication
Jacky Jack
jacksonsmth698 at gmail.com
Sun Jul 25 19:26:43 PDT 2010
Hi
With the NeXpose community edition with latest update, I recently
scanned a Fedora Host with real vnc server installed.
I found the report contains a false positive "RealVNC Null Credential
Login Permitted Vulnerability (backdoor-realvnc-nullcreds)"
I verified that this is a true false positive with
- so-called poc tool
http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html
- metasploit null authentication module
http://www.metasploit.com/modules/auxiliary/scanner/vnc/vnc_none_auth
- poc available in
http://www.securityfocus.com/bid/17978/exploit
Thanks
More information about the nexpose-users
mailing list