Vulnerabilities > CVE-2002-1336 - Unspecified vulnerability in Tightvnc
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-022.NASL description A vulnerability was discovered in the VNC server script that generates an X cookie, used by X authentication. The script generated a cookie that was not strong enough and allow an attacker to more easily guess the authentication cookie, thus obtaining unauthorized access to the VNC server. last seen 2020-06-01 modified 2020-06-02 plugin id 14007 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14007 title Mandrake Linux Security Advisory : vnc (MDKSA-2003:022) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2002-287.NASL description Updated VNC packages are available to fix a challenge replay attack that is present in the VNC server. VNC is a tool for providing a remote graphical user interface. The VNC DES authentication scheme is implemented using a challenge-response architecture, producing a random and different challenge for each authentication attempt. A bug in the function for generating the random challenge caused the random seed to be reset to the current time on every authentication attempt. As a result, two authentication attempts within the same second could receive the same challenge. An eavesdropper could exploit this vulnerability by replaying the response, thereby gaining authentication. All users of VNC are advised to upgrade to these errata packages, which contain an updated version and are not vulnerable to this issue. Note that when using VNC on an untrusted network, always make sure to tunnel the VNC protocol through a secure, authenticated channel such as SSH. Instructions on how to tunnel VNC through SSH are provided at the following URL: http://www.uk.research.att.com/vnc/sshvnc.html last seen 2020-06-01 modified 2020-06-02 plugin id 12339 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12339 title RHEL 2.1 : vnc (RHSA-2002:287)
Redhat
| advisories |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640
- http://marc.info/?l=bugtraq&m=102753170201524&w=2
- http://marc.info/?l=bugtraq&m=102769183913594&w=2
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022
- http://www.redhat.com/support/errata/RHSA-2002-287.html
- http://www.redhat.com/support/errata/RHSA-2003-041.html
- http://www.securityfocus.com/bid/5296
- http://www.tightvnc.com/WhatsNew.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5992