First published: Wed Dec 11 2002(Updated: )
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Tightvnc Tightvnc | =1.2.4 | |
Tightvnc Tightvnc | =1.2.0 | |
Tightvnc Tightvnc | =1.2.1 | |
Tightvnc Tightvnc | =1.2.3 | |
Tightvnc Tightvnc | =1.2.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.