Rule:

--
Sid:
13881

--
Summary:
This event is generated when network traffic that indicates RealVNC Server is configured to allow NULL authentication and is being used.

--
Impact:
Possible policy violation. The use of RealVNC Server may be prohibited by corporate policy in some network environments. 

--
Detailed Information:
This event indicates that a RealVNC Server is configured to allow NULL authentication and is being used on the protected network.

--
Affected Systems:
All systems using RealVNC Server when configured to allow NULL authentication

--
Attack Scenarios:
This is a possible policy violation, it may be that RealVNC Server has been installated on a client host.

--
Ease of Attack:
Simple.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Disallow the use of RealVNC Server on the protected network and enforce or implement an organization wide policy on the use of RealVNC Server configured to allow NULL authentication.

Reconfigure RealVNC Server to not allow NULL Authentication.

--
Contributors:
Sourcefire Vulnerability Research Team


--
Additional References:

--
