Read Time:24 Second
Posted by christian mock on May 13
The Dell advisory is a bit low on details, so:
The vulnerability is really just CVE-2006-2369 / CVE-2006-2450, but
wrapped in TLS (we’re in the 2020s, our auth bypasses are secure now!)
That means that your vuln scanner might or might not detect it, Nessus
for example does, but Nexpose apparently doesn’t.
It also means that metasploit’s “realvnc_41_bypass” is not directly
usable, you need to use your favorite TLS…