VNC No Authentication Required

Risk Level: Low risk vulnerability  Low

Check or Attack Name: VNCNoAuth
Platforms: Virtual Network Computing
Description:

If VNC is running and is configured to accept connections without authentication, anyone can connect to the VNC server and control your machine. Usually, VNC will not allow connections if no password is set, but you can configure it to accept connections with no password.
Remedy:

If VNC is not needed or authorized, then it should be removed.
References:

AT&T Laboratories Cambridge, Virtual Network Computing, http://www.uk.research.att.com/vnc/
X-Force Logo
Know Your Risks