Описание
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:tightvnc:tightvnc:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tightvnc:tightvnc:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:tightvnc:tightvnc:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:tightvnc:tightvnc:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:tightvnc:tightvnc:1.2.5:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01298
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
redhat
почти 23 года назад
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
debian
больше 22 лет назад
TightVNC before 1.2.6 generates the same challenge string for multiple ...
github
около 3 лет назад
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
EPSS
Процентиль: 79%
0.01298
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other