Posted by christian mock on May 13

The Dell advisory is a bit low on details, so:

The vulnerability is really just CVE-2006-2369 / CVE-2006-2450, but
wrapped in TLS (we’re in the 2020s, our auth bypasses are secure now!)

That means that your vuln scanner might or might not detect it, Nessus
for example does, but Nexpose apparently doesn’t.

It also means that metasploit’s “realvnc_41_bypass” is not directly
usable, you need to use your favorite TLS…
Read More – Full Disclosure

By |2022-05-13T12:18:52-04:00May 13th, 2022|