Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2206

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2006-2206
Last Modified 05 Sep 2008 05:03:56
Published 05 May 2006 08:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2206

Summary

The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords.

Vulnerable Systems

Application

  • Ultravnc 1.0.1


References

BID - 17824

BUGTRAQ - 20060502 Vulnerability in the way Ultr@VNC-1.0.1 handles MS-Logon Authentication.

XF - ultr@vnc-mslogon-weak-encryption(26283)


Last Updated: 27 May 2016 10:42:22