UltraVNC w/ DSM Plugin Detection (2)

info Nessus Plugin ID 25821

Synopsis

A remote control service is running on this port.

Description

UltraVNC seems to be running on the remote port.

Upon connection, the remote service on this port sends pseudo-random bytes.

It is probably UltraVNC with the new DSM encryption plugin. This plugin tunnels the RFB protocol into a RC4 or AES encrypted stream.

Solution

If this service is not needed, disable it or filter incoming traffic to this port.

See Also

https://www.realvnc.com/en/

Plugin Details

Severity: Info

ID: 25821

File Name: ultravnc_dsm_detect_2.nasl

Version: 1.15

Type: remote

Published: 7/31/2007

Updated: 8/15/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:uvnc:ultravnc