22 matches found
OpenClaw's sandbox browser noVNC observer lacked VNC authentication
The sandbox browser entrypoint launched x11vnc without authentication (-nopw) for noVNC observer sessions. The OpenClaw-managed runtime flow publishes the noVNC port to host loopback only (127.0.0.1), so default exposure is local to the host unless operators explicitly expose the port more broadly or run...
EUVD-2011-0038
Malware in sbrugna...
EUVD-2016-5967
Malware in sbrugna...
EUVD-2002-1320
Malware in sbrugna...
EUVD-2025-19870
Malicious code in bioql PyPI...
CVE-2025-27458
The VNC authentication mechanism is based on a challenge-response system where both server and client use the same password for encryption. The challenge is sent from the server to the client, is encrypted by the client and sent back. The server does the same encryption locally and if the responses...
CVE-2025-27458
The CVE-2025-27458 entry concerns Endress+Hauser MEAC300-FNADE4. The vulnerability stems from a VNC-style authentication mechanism that uses a challenge-response system with the same password for encryption on both server and client. Because VNC traffic is unencrypted, an attacker who can observe...
PT-2025-27787 · Vnc · Vnc
Name of the Vulnerable Software and Affected Versions: VNC (affected versions not specified). Description: The issue concerns the VNC authentication mechanism, which uses a challenge-response system. This system relies on both the server and client using the same password for encryption. An attacker...
RealVNC Authentication Bypass
No description provided by source. $Id: realvnc41bypass.rb 13641 2011-08-26 04:40:21Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...
Authentication flaw
qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions...
CVE-2011-0011
qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions...
qemu-kvm: Setting VNC password to empty string silently disables all authentication
qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions...
vnc-brute NSE Script
Performs brute force password auditing against VNC servers. See also: realvnc-auth-bypass.nse. Script Arguments: vnc-brute.bruteusers: If set, allows the script to iterate over usernames for auth types that require it (plain, Apple Remote Desktop (30), SASL (not supported), and ATEN). Default: false, since...
CVE-2001-1422
The CVE-2001-1422 entry concerns WinVNC 3.3.3 and earlier, where generating the same challenge string for multiple connections allows remote attackers to bypass VNC authentication by sniffing the challenge/response of other users. Affected software: WinVNC versions up to 3.3.3 (and earlier). Unde...
CVE-2002-1336
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users...