VNC Server Unauthenticated Access: Screenshot

high Nessus Plugin ID 66174

Synopsis

The remote VNC server does not require authentication.

Description

The VNC server installed on the remote host allows an attacker to connect to the remote host as no authentication is required to access this service.

It was possible to log into the remote service and take a screenshot.

Solution

Disable the 'No Authentication' security type.

Plugin Details

Severity: High

ID: 66174

File Name: vnc_screenshot.nbin

Version: 1.74

Type: remote

Family: Misc.

Published: 4/22/2013

Updated: 3/19/2024

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P