CVE-2011-1775
Published: May 26, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx in the vncviewer component in TigerVNC 1.1beta1 does not properly verify the server's X.509 certificate, which allows man-in-the-middle attackers to spoof a TLS VNC server via an arbitrary certificate.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
[oss-security] 20110506 CVE request: tigervnc
mailing-list
x_refsource_MLIST
[oss-security] 20110509 Re: CVE request: tigervnc
mailing-list
x_refsource_MLIST
[tigervnc-devel] 20110504 potential vulnerability in TLS secType?
mailing-list
x_refsource_MLIST
[tigervnc-devel] 20110504 Re: potential vulnerability in TLS secType?
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=702672
x_refsource_CONFIRM
FEDORA-2011-6838
vendor-advisory
x_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=702470
x_refsource_CONFIRM
RHSA-2011:0871
vendor-advisory
x_refsource_REDHAT
44939
third-party-advisory
x_refsource_SECUNIA
47738
vdb-entry
x_refsource_BID
[tigervnc-devel] 20110505 Re: potential vulnerability in TLS secType?
mailing-list
x_refsource_MLIST