ThinVNC is a web remote access client (browser-based, HTML5). It’s an improved version of the standard VNC protocol. It covers all the same scenarios, but with much better performance and without the need to install a PC client or any browser plugin.

Red Team Consultant Nikhith Tummalapalli has found authentication bypass vulnerability from ThinVNC.

Description

For accessing the web VNC client, ThinVNC uses Basic Authentication to authenticate a user. During deployment of the VNC client, credentials to be used are set on the server-side. VNC server runs on no set port, you can run the VNC server on any pre-configured port.
An attacker performs brute force or multiple times wrong password attempts server gives a 401 response. The directory traversal attack vector allows an attacker to read an arbitrary file on the system. An attacker can bypass using /xyz../../ThinVNC.ini. You can see given proof of concept.

Proof of concept

Follow us
LinkedIn : Rapidsafeguard
Twitter : Rapidsafeguard
Instagram: Rapidsafeguard
Facebook : Theeasyhack
YouTube : Rapidsafeguard

LEAVE A REPLY

Please enter your comment!
Please enter your name here