UltraVNC w/ DSM Plugin Detection

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.

Synopsis :

A remote control service is running on this port.

Description :

UltraVNC seems to be running on the remote port.

Upon connection, the remote service on this port always sends the same
12 pseudo-random bytes.

It is probably UltraVNC with the old DSM encryption plugin. This
plugin tunnels the RFB protocol through an RC4-encrypted stream.

This old protocol does not use a random IV, so the same RC4 keystream
is reused from one session to the next. An authenticated user
could leverage this issue to decrypt other users' sessions.
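
The observation above (a 12-byte greeting that is identical on every
connection) can be checked as sketched below. This is an added example, not
Tenable's plugin code; the RC4 key, the "IV prepended to the key" model and
the sample greetings are constructed assumptions.

```python
import socket

GREETING_LEN = 12  # RFB ProtocolVersion is 12 bytes, e.g. b"RFB 003.008\n"

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4, used only to build the constructed samples below."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def grab_greeting(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Return the first 12 bytes a service sends on a fresh TCP connection."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        while len(buf) < GREETING_LEN:
            chunk = sock.recv(GREETING_LEN - len(buf))
            if not chunk:
                break
            buf += chunk
    return buf

def classify(greetings: list[bytes]) -> str:
    """Classify greetings collected from two or more separate connections."""
    if len(greetings) < 2 or any(len(g) != GREETING_LEN for g in greetings):
        return "inconclusive"
    if all(g.startswith(b"RFB ") for g in greetings):
        return "plain-rfb"            # unencrypted VNC banner
    if len(set(greetings)) == 1:
        return "static-ciphertext"    # same opaque bytes every time: finding
    return "varying"                  # per-session randomness or other service

# Constructed samples: the key and the IV-prepended-to-key model are assumptions.
PLAIN = b"RFB 003.008\n"
KEY = b"constructed-demo-key"
NO_IV = [rc4(KEY, PLAIN), rc4(KEY, PLAIN)]
WITH_IV = [rc4(bytes([n]) * 16 + KEY, PLAIN) for n in (1, 2)]

if __name__ == "__main__":
    for name, sample in (("plain", [PLAIN] * 2), ("no IV", NO_IV), ("IV", WITH_IV)):
        print(name, "->", classify(sample))
```

A service with a fixed non-RFB text banner also lands in "static-ciphertext",
so confirm the product before recording the finding.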

Solution :

If this service is not needed, disable it or filter incoming traffic
to this port. Otherwise, upgrade UltraVNC and use one of the new and
safer plugins which implement a random IV.

Risk factor :

Medium / CVSS Base Score : 4.0

Family: Service detection

Nessus Plugin ID: 19289
