CVE-2002-1336

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640
http://marc.info/?l=bugtraq&m=102753170201524&w=2
http://marc.info/?l=bugtraq&m=102769183913594&w=2
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022
http://www.redhat.com/support/errata/RHSA-2002-287.html
http://www.redhat.com/support/errata/RHSA-2003-041.html
http://www.securityfocus.com/bid/5296
http://www.tightvnc.com/WhatsNew.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/5992
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640
http://marc.info/?l=bugtraq&m=102753170201524&w=2
http://marc.info/?l=bugtraq&m=102769183913594&w=2
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022
http://www.redhat.com/support/errata/RHSA-2002-287.html
http://www.redhat.com/support/errata/RHSA-2003-041.html
http://www.securityfocus.com/bid/5296
http://www.tightvnc.com/WhatsNew.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/5992

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:tightvnc:tightvnc:1.2.0:::::::*
	cpe:2.3:a:tightvnc:tightvnc:1.2.1:::::::*
	cpe:2.3:a:tightvnc:tightvnc:1.2.3:::::::*
	cpe:2.3:a:tightvnc:tightvnc:1.2.4:::::::*
	cpe:2.3:a:tightvnc:tightvnc:1.2.5:::::::*

History

20 Nov 2024, 23:41

Type	Values Removed	Values Added
References	~~() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640 -~~	() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640 -
References	~~() http://marc.info/?l=bugtraq&m=102753170201524&w=2 -~~	() http://marc.info/?l=bugtraq&m=102753170201524&w=2 -
References	~~() http://marc.info/?l=bugtraq&m=102769183913594&w=2 -~~	() http://marc.info/?l=bugtraq&m=102769183913594&w=2 -
References	~~() http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022 -~~	() http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022 -
References	~~() http://www.redhat.com/support/errata/RHSA-2002-287.html -~~	() http://www.redhat.com/support/errata/RHSA-2002-287.html -
References	~~() http://www.redhat.com/support/errata/RHSA-2003-041.html -~~	() http://www.redhat.com/support/errata/RHSA-2003-041.html -
References	~~() http://www.securityfocus.com/bid/5296 -~~	() http://www.securityfocus.com/bid/5296 -
References	~~() http://www.tightvnc.com/WhatsNew.txt -~~	() http://www.tightvnc.com/WhatsNew.txt -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/5992 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/5992 -

Information

Published : 2002-12-11 05:00

Updated : 2024-11-20 23:41

NVD link : CVE-2002-1336

Mitre link : CVE-2002-1336

CVE.ORG link : CVE-2002-1336

JSON object : View

Products Affected

tightvnc

tightvnc

CWE

NVD-CWE-Other

7.5 /10