Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1422

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1422
Last Modified 05 Sep 2008 04:26:30
Published 23 Jan 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1422

Summary

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Vulnerable Systems

Application

  • Att Winvnc 3.3.3


References

CERT-VN - VU#303080

XF - vnc-weak-authentication(5992)

MISC - http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117

BID - 2275


Last Updated: 27 May 2016 10:36:40