vnc password hit from Retina

bitlord · January 18, 2013, 10:04am

Hello,
I'm having an issue with VNC. Security at work says that they scanned my servers (Solaris, RHEL, SLES) and found that you don't need a password to access a VNC session. I have tested this and you can't login to the VNC session without a password. Can someone tell what the Retina scanner may be finding. I can't find the setting that would be the issue. I have not made any changes to the default vnc files.

Any help would be great.

DGPickett · January 23, 2013, 11:47am

If you get the password prompt, they should, also. Maybe they mean your xhost is too open?

I think the vnc password flows in the open like telnet. The is a localhost option so you have to tunnel in with ssh to connect, good for secure shops. The Xvnc listens only on 127.0.0.1 not 0.0.0.0:
RealVNC - VNC Server for Windows