CVE-2022-36436: Twisted VNC Authentication Proxy authentication bypass

Introduction

GRNET provides VNC access to their VMs, which utilizes the Twisted VNC Authentication Proxy (VNCAuthProxy). A security vulnerability was discovered allowing an attacker to bypass the proxy server's authentication mechanism.

Vulnerability details

- The proxy server allows clients to select the "None" security type, enabling access without authentication.
- The proxy server supports two security types but does not enforce the "VNC Authentication" security type.

Impact

Attackers can gain access to a shared VNC console or force disconnection, potentially leading to the running of arbitrary commands in the victim's authenticated shell.

Exploitation

The attacker can scan ports 5800-5899 for open ports and connect using a VNC client with "None" security type.

Recommendation

Update Twisted VNC Authentication Proxy to version 1.2.0 or above.

Vulnerability timeline

- July 5, 2022: vulnerability identified
- July 11, 2022: temporary fix applied
- July 12, 2022: vendor contacted
- July 25, 2022: CVE ID assigned
- July 29, 2022: fix released

References

Links to repository for Twisted VNC Authentication Proxy, commit for fix, and CVE entry.
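
The check that the "Vulnerability details" section describes as missing can be shown on the RFB security-type exchange itself. The sketch below is an added example, not VNCAuthProxy's code or its 1.2.0 fix; the function names, the state labels and the choice to reply with a SecurityResult failure before closing are assumptions, while the type numbers and message layouts follow RFC 6143.

```python
import struct

# RFB security type numbers (RFC 6143, section 7.1.2).
SEC_NONE = 1
SEC_VNC_AUTH = 2

# Assumption: the proxy is meant to enforce VNC Authentication only.
ENFORCED_TYPES = (SEC_VNC_AUTH,)


def security_offer(types=ENFORCED_TYPES):
    """Server -> client: number-of-security-types, then one byte per type."""
    return bytes([len(types), *types])


def security_failure(reason):
    """SecurityResult 'failed' (u32 = 1) plus a length-prefixed reason (RFB 3.8)."""
    text = reason.encode("latin-1")
    return struct.pack(">II", 1, len(text)) + text


def lenient_select(choice):
    """Weak form: every type the code can handle is accepted, including None."""
    return len(choice) == 1 and choice[0] in (SEC_NONE, SEC_VNC_AUTH)


def strict_select(choice, enforced=ENFORCED_TYPES):
    """Hardened form: returns (next_state, reply_bytes).

    Not advertising "None" is not enough, because the selection byte is
    client-controlled. It must be exactly one byte and name an enforced
    type; anything else ends the handshake before traffic is proxied.
    """
    if len(choice) != 1 or choice[0] not in enforced:
        return "close", security_failure("security type not permitted")
    # Only now does the server continue to the 16-byte challenge step.
    return "challenge", b""


if __name__ == "__main__":
    print("offer:", security_offer().hex())
    # Constructed client replies: None, VNC Authentication, invalid, empty.
    for sample in (b"\x01", b"\x02", b"\x00", b""):
        state, _ = strict_select(sample)
        print(sample.hex() or "<empty>", lenient_select(sample), state)
```
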