Subscribe

Get the Network Administrators tool pack

Subscribe to our newsletter and get 11 free network administrator tools, plus a 30 page user guide so you can get the most out of them.

Click Here to get your free tools

Recent Posts

Search

Archives

Security flaw in RealVNC 4.1.1

by Steve Wiseman on May 8, 2006 · 4 comments

in Windows


.

Update (June 2006): We have created a vulnerability testing tool . It is free, and can be downloaded from here

Update (05/10/2006) – We have contacted the RealVNC team. Quickly they released a new version that fixed the security issue. If you are running WinVNC 4.1.1 I suggest you get to www.realvnc.com today and update your software.

Update (05/08/2006) – We have installed RealVNC 4.1.1 on as many fresh computers as possible. We wanted to make sure this is a real problem – indeed it is. Every single time we were able to access the machine without a valid password. We are still trying to see what is different about our viewer that exposes this flaw.

We are currently developing a new product that would allow users to remotely install VNC, and manage current VNC installations.

Our viewer is totally 100% new code that we created from the VNC spec and not from the open source Real VNC source tree.

I got a big surprise today when I was testing the viewer code: I was able to view the remote machine without the proper password!

It had to be some type of mistake, so I installed Real VNC 4.1.1 on a test machine:

I set the password to a really huge value that I could not have possibly left in our code by accident. Got back on the development machine and clicked connect:

Instantly I had a view of the remote machine!

I started to wonder how widespread this flaw was so I downloaded TightVNC, and UltraVNC. They are immune. Both of them reject my connection right away.

Then I downloaded RealVNC 4.0 and installed it on another fresh test machine. Same thing as Tight and Ultra – I get disconnected right away.

So it looks like a flaw is in the current RealVNC 4.1.1 authentication process. I am not going to give any clues as to what it is until I can figure it out totally, and promptly let the RealVNC team know so they can resolve the issue.

Please note that I have only tested this on the windows versions of the above software.

One more thing…Subscribe to my newsletter and get 11 free network administrator tools, plus a 30 page user guide so you can get the most out of them. Click Here to get your free tools

Related Articles:

{ 4 comments… read them below or add one }

1 Steve April 24, 2011 at 11:21 am

Hi,

I had this problem on Real VNC 4.1.2, although you say it is only on 4.1.1

Are we sure it’s now OK on 4.1.3 ?

2 Steve Wiseman April 25, 2011 at 11:42 pm

Hello Steve,

This is a really old flaw. If you have the latest VNC you are fine.

3 Andre November 2, 2011 at 5:58 pm

How can I use the free VNC flaw test tool against a machine on which the VNC service runs on a non-standard port?
If I type in the address in the standard format of ip:port, the program responds “Could no connect to the remote host”.
Much appreciated,

Andrej

4 Steve Wiseman November 6, 2011 at 11:46 am

Hello Andre,

Our tool can only check on the default port. By now…there are many tools out there that can do the same, and are probably better than this free tool…such as Nessus, It has a good plugin for this.

Check it out at:

http://www.nessus.org

Leave a Comment

Category Links - Windows Forum - Exchange Forum