CVE-2001-1422

2005-03-2005:00:00

mitre

www.cve.org

7 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.9%

JSON

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

References

www.kb.cert.org/vuls/id/303080

www.securityfocus.com/bid/2275

www1.corest.com/common/showdoc.php?idxseccion=10&idx=117

exchange.xforce.ibmcloud.com/vulnerabilities/5992