The open-source virtual network computing software is vulnerable to a flaw that could allow malicious hackers to bypass password authentication.
A "highly critical" flaw in RealVNC's virtual network computing software could allow malicious hackers to access a remote system without a password, according to a published advisory.
RealVNC, the Cambridge, U.K.-based company that invented the open-source software, has acknowledged the flaw and posted patches for all affected versions.
The RealVNC software, which competes with Symantec's pcAnywhere, allows users to access a remote computer from a local PC. The company distributes the software in three versions: free, personal and enterprise edition.
The vulnerability is caused due to an error within the handling of
VNC password authentication requests. It can be exploited to bypass
authentication and allows access to the remote system without
requiring knowledge of the VNC password.
IntelliAdmin, the company that discovered the bug, has published a proof-of-concept exploit to help users determine if their RealVNC version is affected.
RealVNC is used in the enterprise to handle remote system administration tasks like taking control of employee machines to diagnose and fix problems, or to access and administer server machines without making a trip to the console.
The software is fully cross-platform, making it popular among users who want to access a Linux machine, a Windows PC, a Solaris machine or any number of other architectures.