Описание
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:tightvnc:tightvnc:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tightvnc:tightvnc:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:tightvnc:tightvnc:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:tightvnc:tightvnc:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:tightvnc:tightvnc:1.2.5:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.01074
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
redhat
больше 23 лет назад
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
debian
почти 23 года назад
TightVNC before 1.2.6 generates the same challenge string for multiple ...
github
больше 3 лет назад
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
EPSS
Процентиль: 77%
0.01074
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other