Moreover the vulnerability seems to be exploitable only by client RFB-3.8 [1]
compliant, which means VNC4 (i.e. vnc4-4.1.1+X4.3.0 for linux). VNC3 for Linux
and Windows are RFB-3.3.
This is because the new protocol version implements a different authentication
handshake procedure. In fact attac
Hi all,
I have done a patch to current Linux VNC client (ver. 4.1.1), which permit to
authenticate to a bugged server with a NULL session, although password
authentication is required
(RealVNC Remote Authentication Bypass Vulnerability, BID 17978).
Here is the patch for file CConnection.cxx