CVE-2002-1336

Published: Sep 1, 2004

Modified: Aug 8, 2024

PUBLISHED

Description

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vnc-weak-authentication(5992)

vdb-entry

x_refsource_XF

RHSA-2002:287

vendor-advisory

x_refsource_REDHAT

20020724 VNC authentication weakness

mailing-list

x_refsource_BUGTRAQ

RHSA-2003:041

vendor-advisory

x_refsource_REDHAT

MDKSA-2003:022

vendor-advisory

x_refsource_MANDRAKE

CLA-2003:640

vendor-advisory

x_refsource_CONECTIVA

http://www.tightvnc.com/WhatsNew.txt

x_refsource_CONFIRM

20020726 RE: VNC authentication weakness

mailing-list

x_refsource_BUGTRAQ

5296

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2002-1336

Description

Affected Products

References