Microsoft Windows SMB Registry : WinVNC's Key Permissions

This script is Copyright (C) 2000-2015 Tenable Network Security, Inc.


Synopsis :

Local users can connect to the system remotely.

Description :

The registry key HKLM\Software\ORL\WinVNC3 is writeable and/or
readable by users who are not in the admin group.

This key contains the VNC password of this host, as well as other
configuration setup.

As this program allows remote access to this computer with the
privileges of the currently logged on users, you should fix this
problem.

Solution :

Use regedt32 and set the permissions of this key to :

- admin group : Full Control
- system : Full Control
- everyone : No access

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.6
(CVSS2#E:U/RL:U/RC:ND)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 10553 ()

Bugtraq ID: 1961

CVE ID: CVE-2000-1164

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now