Vulnerabilities > CVE-2006-2206 - Authentication vulnerability in Ultravnc 1.0.1

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

ultravnc

critical

NVD

Published: 2006-05-05

Updated: 2017-07-20

Summary

The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords.

Vulnerable Configurations

Part	Description	Count
Application	Ultravnc Ultravnc Ultravnc 1.0.1	1

References

http://archives.neohapsis.com/archives/bugtraq/2006-05/0057.html
http://www.securityfocus.com/bid/17824
https://exchange.xforce.ibmcloud.com/vulnerabilities/26283