Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1336

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1336
Last Modified 10 Sep 2008 03:14:18
Published 11 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1336

Summary

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Vulnerable Systems

Application

  • Tightvnc 1.2.0

  • Tightvnc 1.2.1

  • Tightvnc 1.2.3

  • Tightvnc 1.2.4

  • Tightvnc 1.2.5


References

XF - vnc-weak-authentication(5992)

CONFIRM - http://www.tightvnc.com/WhatsNew.txt

BUGTRAQ - 20020724 VNC authentication weakness

BID - 5296

REDHAT - RHSA-2003:041

REDHAT - RHSA-2002:287

MANDRAKE - MDKSA-2003:022

BUGTRAQ - 20020726 RE: VNC authentication weakness

CONECTIVA - CLA-2003:640


Last Updated: 27 May 2016 10:37:16