False positives for vnc brute force login

Hello,

I have a lot of false positive reports from the “vnc brute force login”. It reports that:

Vulnerability Detection Result
It was possible to connect to the VNC server with the password: admin

But actually there is a different password, also, I have checked and it is not possible to login using this password:

$ vncviewer xx.xx.xx.11::5900
Connected to RFB server, using protocol version 3.8
Performing standard VNC authentication
Password:
vncviewer: VNC server closed connection

If I use empty password, there is a different reply from the vnc server:

Connected to RFB server, using protocol version 3.8
Performing standard VNC authentication
Password:
Reading password failed

VNC server is running on the Riverbed steelhead applience.

Hi there, thanks for reporting. We are looking into it.