CVE-2020-26117
Published: Sep 27, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://github.com/TigerVNC/tigervnc/releases/tag/v1.11.0 (x_refsource_MISC)
https://bugzilla.opensuse.org/show_bug.cgi?id=1176733 (x_refsource_MISC)
[debian-lts-announce] 20201006 [SECURITY] [DLA 2396-1] tigervnc security update (mailing-list, x_refsource_MLIST)
openSUSE-SU-2020:1666 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2020:1841 (vendor-advisory, x_refsource_SUSE)