Vulnerabilities > CVE-2006-2206 - Authentication vulnerability in Ultravnc 1.0.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |