AT&T WinVNC client authentication process vulnerable to man-in-the-middle attack

Overview WinVNC's challenge/response mechanism can allow an intruder to obtain legitimate credentials from a valid client in order to gain unauthorized access to the server. Description AT&T WinVNC is a free package available from AT&T Labs Cambridge that allows an existing desktop of a PC to be...

CVE-2000-1164

WinVNC installs the WinVNC3 registry key with permissions that give Special Access read and modify to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system...