Saturday, August 15, 11:14
Home security 37 vulnerabilities found in 4 popular Open-Source VNC software

37 vulnerabilities found in 4 popular Open-Source VNC software

VNCKaspersky researchers found 37 vulnerabilities in four well-known open-source VNC remote desktop applications. The vulnerabilities exist from 1999 and allow malware hackers to obtain access and violate them systems of the victims remotely.

According to investigators, the attackers have gained remote access to more than 600.000 VNC servers, over the Internet, using data collected through the Shodan search engine.

37 vulnerabilities found

Researchers found 37 vulnerabilities in four VNC applications: 10 vulnerabilities found in LibVNC, 4 at TightVNC 1.X, 1 at TurboVNC and 22 at UltraVNC.

VNC applications are available in many versions and are compatible with popular operating systems such as Windows, Linux, macOS and Android.

VNC applications contain two components. One develops on server and the other to client, used to gain access to the server.

The researchers found vulnerabilities in both the server and the client they are causing problem in μνήμη. This problem, in turn, leads to other malfunctions and also allows it to work denial of service attacks.

In some cases, vulnerabilities allow hackers to gain unauthorized access to Appliances or develop malware.

How to Attack:

  • The attacker is on the same network as the VNC server and does attack to enable code execution on the server.
  • A user connects to the server of an intruder using a VNC client and the intruder exploits the client's vulnerabilities to attack the user and execute code on his machine.

Most vulnerabilities have already been fixed, with the exception of TightVNC 1.x, which is no longer supported. TightVNC 2.X versions are now in use.

The researchers suggest users use strong passwords and do control on their devices. They also emphasize that connections to untrusted or untried VNC servers should not be made.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

The beta version of OxygenOS 11 is released for OnePlus 8 & Pro

OnePlus has released updates for the beta version of OxygenOS 11, which is based on Android 11 for the OnePlus 8 series, ...

How to install third-party keyboards on iPhone and iPad?

In case you did not know, you can use third party keyboards on the iPhone and ...

Relax with these short horror and sci-fi movies!

Do you dream of other planets, other realities or other schedules? If you wish you could travel somewhere else you should see these little ...

6 ways your location can be traced through your iPhone!

Your iPhone can be configured to show your location in real time to anyone. Also indicates your location ...

How to delete your Spotify account?

Have you decided to stop using Spotify and want to close your account permanently? See how ...

Holidays, baths, public WiFi: Guess which one not to choose?

Holidays, baths, public WiFi: Guess which one not to choose? August is here and most are getting ready for their summer vacation ....

Cyber ​​Security Career: Why Choose It Now?

With unemployment being at very high levels due to the coronavirus and with companies trying to restructure companies ...

Get MIUI 12 "Focus Mode" on any Xiaomi device

Focus Mode is one of the best features of MIUI 12. This feature was first introduced in MIUI 11, but there are ...

The 20 best gaming consoles of all time

On the threshold of the new generation of consoles, such as the PlayStation 5 and the Xbox Series X, these are the most important and ...

Smart locks: Every home needs to have one!

Home security is a complex issue, but anything is safer than hiding a spare key in a very ...