Back to search

VNC remote control service installed

Severity CVSS Published Added Modified
8 (AV:N/AC:L/Au:N/C:P/I:P/A:P) November 01, 2004 November 01, 2004 July 09, 2012

Description

AT&T Virtual Network Computing (VNC) provides remote users with access to the system it is installed on. If this service is compromised, the user can gain complete control of the system.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

Solution

Fix VNC remote control service installed

Remove or disable this service. If it is necessary, be sure to use well thought out (hard to crack) passwords. It is important to note that VNC truncates passwords to 8 bytes when authenticating, making it more susceptible to brute force attacks.

To protect data from eaves-droppers, tunneling VNC through SSH is recommended.

Additionally, restricting access to specific IP addresses using TCP wrappers is also recommended.

For more information on VNC, visit the VNC website.