WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
References
Link | Resource |
---|---|
http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117 | Vendor Advisory |
http://www.kb.cert.org/vuls/id/303080 | Third Party Advisory US Government Resource |
http://www.securityfocus.com/bid/2275 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/5992 |
Configurations
Information
Published : 2001-01-22 21:00
Updated : 2017-07-10 18:29
NVD link : CVE-2001-1422
Mitre link : CVE-2001-1422
JSON object : View
CWE
Products Affected
att
- winvnc