WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/303080 | Third Party Advisory US Government Resource |
http://www.securityfocus.com/bid/2275 | Vendor Advisory |
http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/5992 |
Configurations
History
No history.
Information
Published : 2001-01-23 05:00
Updated : 2024-02-28 10:24
NVD link : CVE-2001-1422
Mitre link : CVE-2001-1422
CVE.ORG link : CVE-2001-1422
JSON object : View
Products Affected
att
- winvnc
CWE