vncauthproxy is vulnerable to authentication bypass. The vulnerability exists in the check_version
function in protocol.py
due to improper configuration, allowing a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session.
CPE | Name | Operator | Version |
---|---|---|---|
vncauthproxy | eq | 1.1.1 | |
vncauthproxy | le | 1.0 | |
vncauthproxy | eq | 1.1.1 | |
vncauthproxy | le | 1.0 |
cert.grnet.gr/en/blog/cve-2022-36436-twisted-vnc-authentication-proxy-authentication-bypass/
github.com/osuosl/twisted_vncauthproxy/commit/edc149af29242178091b2d6fcd42c3ef0851644b
github.com/osuosl/twisted_vncauthproxy/pull/1
github.com/osuosl/twisted_vncauthproxy/tree/release/1.1.1
pypi.org/project/VNCAuthProxy/