WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/303080 | Third Party Advisory US Government Resource |
http://www.securityfocus.com/bid/2275 | Vendor Advisory |
http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/5992 | |
http://www.kb.cert.org/vuls/id/303080 | Third Party Advisory US Government Resource |
http://www.securityfocus.com/bid/2275 | Vendor Advisory |
http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/5992 |
Configurations
History
20 Nov 2024, 23:37
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.kb.cert.org/vuls/id/303080 - Third Party Advisory, US Government Resource | |
References | () http://www.securityfocus.com/bid/2275 - Vendor Advisory | |
References | () http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/5992 - |
Information
Published : 2001-01-23 05:00
Updated : 2024-11-20 23:37
NVD link : CVE-2001-1422
Mitre link : CVE-2001-1422
CVE.ORG link : CVE-2001-1422
JSON object : View
Products Affected
att
- winvnc
CWE