hello,
vnc_security_types.nasl (script_id 19288) checks the VNC security types
and if <= 1: security hole.
However, if you get 0 as a security type, this is an error indication,
not a bad protocol, see
www.realvnc.com/support/documentation.html
under 6.1.2.
So, the test should be 'if == 1: security hole'
Else you get false positives for servers that reject the connection for
some reason.
Torbjörn Wictorin,
Uppsala univ.
_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
