CVE-2019-17662 Scanner

ThinVNC is a popular web-based solution that enables users to have remote access to their desktop computers. This product has become increasingly popular over the years because of the ease it provides to users. With ThinVNC, users can access their computers from anywhere in the world, as long as there is an internet connection. It is the perfect solution for those who work from home or are frequently on the move.

A security flaw was discovered in ThinVNC that compromises the VNC server. This flaw is identified as CVE-2019-17662. Even when authentication is enabled during deployment, the vulnerability still exists. The password for authentication is stored in cleartext in a file that can be accessed via a directory traversal attack vector. This means that an attacker can access sensitive information without the need for authentication, leading to a severe compromise.

The exploitation of this vulnerability can lead to various outcomes that can have substantial financial consequences and adversely impact both users and businesses. For instance, attackers can gain unauthorized access to sensitive company data, including banking information, contact details, and private correspondence. They can monitor user activity, including keystrokes, which might include login credentials for critical websites. Exposing these could lead to damages such as identity theft or financial fraud.

Thanks to the pro features of the securityforeveryone.com platform, individuals and businesses can easily and quickly learn about vulnerabilities in their digital assets. As a result, they can tighten their security measures and reduce exposure to possible cyberattacks. Through constant monitoring and notifications, securityforeveryone.com alerts its users of any potential threats, so they always stay on top of their cybersecurity strategy.

REFERENCES

• https://redteamzone.com/ThinVNC/ 
• https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py 
• https://github.com/bewest/thinvnc/issues/5 
• http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html