A "highly critical" flaw in RealVNC's virtual network computing software could allow malicious hackers to access a remote system without a password, according to a published advisory. RealVNC, the Cambridge, U.K.-based company that invented the open-source software, has acknowledged the flaw and posted patches for all affected versions.

The RealVNC software, which competes with Symantec's pcAnywhere, allows users access a remote computer from a local PC. The company distributes the software in three versions—free, personal and enterprise edition. The vulnerability is caused due to an error within the handling of VNC password authentication requests. It can be exploited to bypass authentication and allows access to the remote system without requiring knowledge of the VNC password.

The link for this article located at eWeek is no longer available.