False positives for vnc brute force login

Hello,

I have a lot of false positive reports from the “vnc brute force login”. It reports that:

Vulnerability Detection Result
It was possible to connect to the VNC server with the password: admin

But actually there is a different password. Also, I have checked, and it is not possible to log in using this password:

$ vncviewer xx.xx.xx.11::5900
Connected to RFB server, using protocol version 3.8
Performing standard VNC authentication
Password:
vncviewer: VNC server closed connection

If I use an empty password, there is a different reply from the VNC server:

Connected to RFB server, using protocol version 3.8
Performing standard VNC authentication
Password:
Reading password failed

The VNC server is running on the Riverbed Steelhead appliance.
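
An added example, not part of the original posts and not the scanner's own code: under RFB 3.8 (RFC 6143) only a 4-byte SecurityResult of 0 after the password response means the password was accepted, so a connection that closes first, as in the vncviewer session above, proves nothing. The helper name and the sample byte strings are constructed for illustration, and the example makes no claim about how the VT works or why it misfired.

```python
import struct

# RFB 3.8 (RFC 6143, section 7.1.3): after the client's challenge response the
# server sends a 4-byte big-endian SecurityResult: 0 = OK, 1 = failed.
# On failure, a 3.8 server follows it with a 4-byte length and a reason string.
SECURITY_OK = 0
SECURITY_FAILED = 1


def classify_auth_reply(data: bytes) -> tuple[str, str]:
    """Classify the bytes received after sending the VNC auth response.

    Returns (verdict, detail); verdict is "accepted", "rejected" or
    "inconclusive". Hypothetical helper, constructed for this example.
    """
    if len(data) == 0:
        # Connection closed with no SecurityResult: not evidence of a login.
        return "inconclusive", "connection closed before SecurityResult"
    if len(data) < 4:
        return "inconclusive", f"truncated SecurityResult ({len(data)} bytes)"

    (result,) = struct.unpack(">I", data[:4])
    if result == SECURITY_OK:
        return "accepted", "SecurityResult OK"
    if result == SECURITY_FAILED:
        reason = ""
        if len(data) >= 8:
            (rlen,) = struct.unpack(">I", data[4:8])
            reason = data[8:8 + rlen].decode("latin-1", errors="replace")
        return "rejected", reason or "no reason string"
    # Any other value is not a documented success, so never report a login.
    return "inconclusive", f"unexpected SecurityResult {result}"


# Constructed sample replies (not captured from a real server).
_REASON = b"Authentication failed"
SAMPLES = {
    "ok": struct.pack(">I", SECURITY_OK),
    "failed": struct.pack(">II", SECURITY_FAILED, len(_REASON)) + _REASON,
    "closed": b"",
    "truncated": b"\x00\x00",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_auth_reply(raw))
```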

Hi there, thanks for reporting. We are looking into it.


The VTS “VNC Brute Force Login” (OID: 1.3.6.1.4.1.25623.1.0.106056) finally got an update and should arrive in one of the next feed updates.

Please let us know if this solves the problem.
