7 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.9%
WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
www.kb.cert.org/vuls/id/303080
www.securityfocus.com/bid/2275
www1.corest.com/common/showdoc.php?idxseccion=10&idx=117
exchange.xforce.ibmcloud.com/vulnerabilities/5992