CVE-2001-1422

Опубликовано: 23 янв. 2001

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Ссылки

http://www.kb.cert.org/vuls/id/303080
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/2275
Vendor Advisory
http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5992
http://www.kb.cert.org/vuls/id/303080
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/2275
Vendor Advisory
http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5992

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:att:winvnc:*:*:*:*:*:*:*:*

Версия до 3.3.3 (включая)

EPSS

Процентиль: 80%

0.0139

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-hf8p-xhgf-8g9v

github

больше 3 лет назад