CVE-2002-1336

critical

Description

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/5992

http://www.tightvnc.com/WhatsNew.txt

http://www.securityfocus.com/bid/5296

http://www.redhat.com/support/errata/RHSA-2003-041.html

http://www.redhat.com/support/errata/RHSA-2002-287.html

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022

http://marc.info/?l=bugtraq&m=102769183913594&w=2

http://marc.info/?l=bugtraq&m=102753170201524&w=2

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640

Details

Source: Mitre, NVD

Published: 2002-12-11

Updated: 2017-10-10

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

Detections

Analytics