Vulnerabilities > CVE-2001-1422 - Authentication vulnerability in AT&T; VNC Weak

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

att

NVD

Published: 2001-01-23

Updated: 2017-07-11

Summary

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Vulnerable Configurations

Part	Description	Count
Application	Att ATT Winvnc *	1

References

http://www.kb.cert.org/vuls/id/303080
http://www.securityfocus.com/bid/2275
http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117
https://exchange.xforce.ibmcloud.com/vulnerabilities/5992