Inconsistent results for VNC

Nessus

Inconsistent results for VNC

To:	nessus@list.nessus.org
Subject:	Inconsistent results for VNC
From:	Bob Babcock <rbabcock@cfa.harvard.edu>
Date:	Tue, 14 Nov 2006 11:14:00 -0500 (EST)
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	nessus-list1@securepoint.com
Delivered-to:	nessus@list.nessus.org
List-archive:	<http://mail.nessus.org/pipermail/nessus>
List-help:	<mailto:nessus-request@list.nessus.org?subject=help>
List-id:	Discussion of Nessus software <nessus.list.nessus.org>
List-post:	<mailto:nessus@list.nessus.org>
List-subscribe:	<http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=subscribe>
List-unsubscribe:	<http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=unsubscribe>
Reply-to:	rbabcock@cfa.harvard.edu
Sender:	nessus-bounces@list.nessus.org

I'm getting inconsistent results scanning with plugin 19288 (VNC security
types).  Scanning the same machines, I sometimes get:

  The remote VNC server chose security type #0 (Invalid)
  Any user can connect to it without authentication, and thus take
  control of this machine.

and other times get:

  The remote VNC server chose security type #2 (VNC authentication)

I'm scanning with Windows Nessus 3.0.4 build W306.  Target machines are
Win/2K or Win/XP with RealVNC 3.3.7.  I can make VNC connections to the
target machines using a password, and if I try to clear the password with
this version of VNC, it says it won't accept connections with no password.
I think I always get security type #0 for localhost.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Inconsistent results for VNC, Bob Babcock <= Re: Inconsistent results for VNC, Michel Arboi Re: Inconsistent results for VNC, Michel Arboi Re: Inconsistent results for VNC, Michel Arboi Re: Inconsistent results for VNC, Bob Babcock

Previous by Date:	Re: Relating CVE IDs in Nessus Plugins, George A. Theall
Next by Date:	Re: Inconsistent results for VNC, Michel Arboi
Previous by Thread:	Relating CVE IDs in Nessus Plugins, Shingari, Nitin V.
Next by Thread:	Re: Inconsistent results for VNC, Michel Arboi
Indexes:	[Date] [Thread] [Top] [All Lists]