CVE-2006-2450 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2006-2450 Interim 1 20 2025-11-05T06:26:46Z current 2021-05-30T12:35:43Z 2025-11-05T06:26:46Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2006-2450 auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YUUWKSH6QWMEE34DU5XHDA542UWYWKYI/#YUUWKSH6QWMEE34DU5XHDA542UWYWKYI E-Mail link for SUSE-SA:2006:042 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Workstation Extension 15 SP2 openSUSE Tumbleweed LibVNCServer LibVNCServer-0.9.1-154.24 LibVNCServer-devel-0.9.1-154.24 LibVNCServer-devel-0.9.13-3.1 libvncclient0 libvncclient1-0.9.13-3.1 libvncclient1-0.9.14-160000.2.2 libvncserver0 libvncserver1-0.9.13-3.1 libvncserver1-0.9.14-160000.2.2 LibVNCServer-0.9.1-154.24 as a component of SUSE Linux Enterprise Server 11 SP1 LibVNCServer-0.9.1-154.24 as a component of SUSE Linux Enterprise Server 11 SP2 LibVNCServer-0.9.1-154.24 as a component of SUSE Linux Enterprise Server 11 SP3 LibVNCServer-0.9.1-154.24 as a component of SUSE Linux Enterprise Server 11 SP4 libvncclient1-0.9.14-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 libvncserver1-0.9.14-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 LibVNCServer-devel-0.9.1-154.24 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 LibVNCServer-devel-0.9.13-3.1 as a component of openSUSE Tumbleweed libvncclient1-0.9.13-3.1 as a component of openSUSE Tumbleweed libvncserver1-0.9.13-3.1 as a component of openSUSE Tumbleweed libvncclient0 as a component of SUSE Linux Enterprise Workstation Extension 15 SP2 libvncserver0 as a component of SUSE Linux Enterprise Workstation Extension 15 SP2 LibVNCServer as a component of SUSE Linux Enterprise Workstation Extension 15 SP2 auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369. CVE-2006-2450 SUSE Linux Enterprise Server 11 SP1:LibVNCServer-0.9.1-154.24 SUSE Linux Enterprise Server 11 SP2:LibVNCServer-0.9.1-154.24 SUSE Linux Enterprise Server 11 SP3:LibVNCServer-0.9.1-154.24 SUSE Linux Enterprise Server 11 SP4:LibVNCServer-0.9.1-154.24 SUSE Linux Enterprise Server 16.0:libvncclient1-0.9.14-160000.2.2 SUSE Linux Enterprise Server 16.0:libvncserver1-0.9.14-160000.2.2 SUSE Linux Enterprise Software Development Kit 11 SP4:LibVNCServer-devel-0.9.1-154.24 openSUSE Tumbleweed:LibVNCServer-devel-0.9.13-3.1 openSUSE Tumbleweed:libvncclient1-0.9.13-3.1 openSUSE Tumbleweed:libvncserver1-0.9.13-3.1 SUSE Linux Enterprise Workstation Extension 15 SP2:LibVNCServer SUSE Linux Enterprise Workstation Extension 15 SP2:libvncclient0 SUSE Linux Enterprise Workstation Extension 15 SP2:libvncserver0 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P