VxRail: Customer Security scan returns vulnerability in VNC on VxRail "the remote vnc server does not require authentication"
Summary: Customer Security scan returns vulnerability in VNC on VxRail "the remote vnc server does not require authentication"
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
When customer runs a security scan, a vulnerability in VNC on VxRail is returned and the message may be shown as similar to "the remote vnc server does not require authentication".
In this particular instance, customer was using Tenable Nessus security software. Teneble reference to this vulerability is https://www.tenable.com/plugins/index.php?view=single&id=26925 which states:
** The VNC server sometimes sends the connected user to the XDM login
** screen. Unfortunately, Nessus cannot identify this situation.
** In such a case, it is not possible to go further without valid
** credentials and this alert may be ignored.
Resolution
VNC server on VxRail Manager is only activated after ESRS is activated and can only be accessed from EMC Support secure channel, which will then redirect to the XDM login on the VxRail.
So for VxRail, the VNC server does, in fact, send the connected user to the XDM login and can go no further without valid credentials.
Affected Products
VxRail Appliance FamilyProducts
VxRail Appliance FamilyArticle Properties
Article Number: 000056577
Article Type: Solution
Last Modified: 29 Sep 2023
Version: 3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.