id: exposed-vnc-no-auth
info:
name: Exposed VNC Server No-Auth
author: Redflare Cyber
severity: high
description: This template checks for VNC servers that do not require authentication, which can allow unauthorized access to the system.
classification:
cwe-id: CWE-306
metadata:
max-request: 1
shodan-query: 'port:5900 product:"VNC"'
tags: network,vnc,exposed,no-auth,tcp
tcp:
- inputs:
- data: "\r\n"
host:
- "{{Hostname}}"
port: 5900,5901,5902
matchers:
- type: word
words:
- "RFB"
extractors:
- type: regex
part: body
regex:
- "Authentication disabled"