Neat VNC: Authentication Bypass — GLSA 202411-01

A vulnerability has been discovered in Neat VNC, which can lead to authentication bypass.

Affected packages

gui-libs/neatvnc on all architectures
Affected versions < 0.8.1
Unaffected versions >= 0.8.1

Background

Neat VNC is a liberally licensed VNC server library that's intended to be fast and neat.

Description

Neat VNC allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
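The server-side check this description implies, as an added example in C. It is not Neat VNC's code: `struct handshake`, `build_offer` and the two `choice_ok_*` functions are hypothetical names. It assumes the RFB handshake from RFC 6143, in which the server sends a count byte plus its offered security types and the client answers with a single type byte.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFB security type numbers from RFC 6143. */
enum { SEC_INVALID = 0, SEC_NONE = 1, SEC_VNC_AUTH = 2 };

/* Hypothetical per-connection state: the types this server advertised. */
struct handshake {
    uint8_t offered[8];
    size_t n_offered;
};

/* Server -> client: count byte, then the offered types. 0 on error. */
static size_t build_offer(const struct handshake *hs, uint8_t *out, size_t cap)
{
    if (hs->n_offered > sizeof(hs->offered) || cap < 1 + hs->n_offered)
        return 0;
    out[0] = (uint8_t)hs->n_offered;
    memcpy(out + 1, hs->offered, hs->n_offered);
    return 1 + hs->n_offered;
}

/* Flawed pattern: trusts the client's reply byte and accepts any type
 * the code knows how to handle, ignoring what was offered. */
static bool choice_ok_unchecked(const struct handshake *hs, uint8_t chosen)
{
    (void)hs;
    return chosen == SEC_NONE || chosen == SEC_VNC_AUTH;
}

/* Hardened: the reply must match an entry in the advertised list. */
static bool choice_ok_checked(const struct handshake *hs, uint8_t chosen)
{
    if (chosen == SEC_INVALID)
        return false;
    for (size_t i = 0; i < hs->n_offered && i < sizeof(hs->offered); i++)
        if (hs->offered[i] == chosen)
            return true;
    return false;
}

int main(void)
{
    /* Constructed case: the server offers only VNC Authentication. */
    struct handshake hs = { .offered = { SEC_VNC_AUTH }, .n_offered = 1 };
    return choice_ok_checked(&hs, SEC_NONE) ? 1 : 0; /* 0: None rejected */
}
```

A connection whose reply fails the checked form should be closed before any further protocol state is reached.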

Impact

A remote attacker can opt not to use any authentication method and access the VNC server.

Workaround

There is no known workaround at this time.

Resolution

All Neat VNC users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=gui-libs/neatvnc-0.8.1"
 

References

Release date
November 06, 2024

Latest revision
November 06, 2024: 1

Severity
high

Exploitable
remote

Bugzilla entries