SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications.Referenceshttp://www.iss.net/security_center/static/9476.phphttp://www.securityfocus.com/bid/5146http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0003.html
