This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
A remote control service is running on this port.
UltraVNC seems to be running on the remote port.
Upon connection, the remote service on this port always sends the same
12 pseudo-random bytes.
It is probably UltraVNC with the old DSM encryption plugin. This
plugin tunnels the RFB protocol in an RC4-encrypted stream.
This old protocol does not use a random IV, so the same RC4
keystream is reused from one session to the next. An authenticated user
could leverage this issue to decrypt other users' sessions.
If this service is not needed, disable it or filter incoming traffic
to this port. Otherwise, upgrade UltraVNC and use one of the new and
safer plugins which implement a random IV.
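The observation above (identical first 12 bytes on every connection) can be modelled offline; this is an added example, not code from the Tenable plugin or from UltraVNC. It assumes the 12 bytes are the 12-byte RFB ProtocolVersion greeting after encryption; the key, version string, IV mixing and function names are constructed for illustration.

```python
import os

# 12-byte RFB ProtocolVersion greeting (version string is a constructed sample)
RFB_GREETING = b"RFB 003.008\n"
KEY = b"constructed-shared-key"  # constructed sample key

def rc4(key, data):
    """Standard RC4: key scheduling, then XOR data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def server_hello(key, random_iv):
    """First 12 bytes a simulated server sends on a new connection."""
    if random_iv:
        # Assumption: a per-session IV prepended to the key stands in for
        # "a random IV"; this is not the newer plugins' actual construction.
        return rc4(os.urandom(16) + key, RFB_GREETING)
    return rc4(key, RFB_GREETING)

def classify(greetings):
    """Classify the first 12 bytes collected from several connections."""
    first = [g[:12] for g in greetings]
    if len(first) < 2 or any(len(g) < 12 for g in first):
        return "inconclusive"
    if all(g.startswith(b"RFB ") for g in first):
        return "plain RFB"
    if len(set(first)) == 1:
        return "static keystream"
    return "varies per session"

if __name__ == "__main__":
    print(classify([server_hello(KEY, False) for _ in range(3)]))
    print(classify([server_hello(KEY, True) for _ in range(3)]))
```
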
Risk factor: Medium / CVSS Base Score: 4.0