The MOSIX Project clump/os 5.4 creates a default VNC account without a password, which allows remote attackers to gain root access.