Lucene search
Veracode Vulnerability DatabaseVERACODE:37033HistorySep 15, 2022 - 4:36 a.m.
Authentication Bypass
2022-09-1504:36:20
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.007 Low
EPSS
Percentile
80.4%
vncauthproxy is vulnerable to authentication bypass. The vulnerability exists in the check_version function in protocol.py due to improper configuration, allowing a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vncauthproxy | eq | 1.1.1 | |
| vncauthproxy | le | 1.0 | |
| vncauthproxy | eq | 1.1.1 | |
| vncauthproxy | le | 1.0 |
References
cert.grnet.gr/en/blog/cve-2022-36436-twisted-vnc-authentication-proxy-authentication-bypass/
github.com/osuosl/twisted_vncauthproxy/commit/edc149af29242178091b2d6fcd42c3ef0851644b
github.com/osuosl/twisted_vncauthproxy/pull/1
github.com/osuosl/twisted_vncauthproxy/tree/release/1.1.1
pypi.org/project/VNCAuthProxy/
Related
osv
osv
PYSEC-2022-267
2022-09-14 11:15:00
VNCAuthProxy authentication bypass vulnerability
2022-09-16 17:11:31
CVE-2022-36436
2022-09-14 11:15:49
nvd
nvd
CVE-2022-36436
2022-09-14 11:15:49
prion
prion
Authentication flaw
2022-09-14 11:15:00
cvelist
cvelist
CVE-2022-36436
2022-09-14 03:04:34
github
github
VNCAuthProxy authentication bypass vulnerability
2022-09-16 17:11:31
cve
cve
CVE-2022-36436
2022-09-14 11:15:49