• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Sun SunPCi II VNC Software Password Disclosure Vulnerability

The SunPCi II card is a co-processor for a number of Solaris based systems, and provides PC software compatibility, including the ability to run Microsoft Windows. Driver software is available for the SunPCi card, including a Virtual Network Computing (VNC) client and server.

A weakness in the authentication scheme used by the VNC client and server may result in the disclosure of user passwords. An attacker able to sniff unencrypted network traffic during the VNC authentication process may trivially recover the plaintext password.

Exploitation will not be possible if network traffic is encrypted with an additional secure layer, such as SSL.

Reportedly, the VNC software was first included in version 2.3 of the SunPCi Driver Software.