CVE-2001-1422

Sažetak

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Reference

http://www.kb.cert.org/vuls/id/303080
http://www.securityfocus.com/bid/2275
http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117
https://exchange.xforce.ibmcloud.com/vulnerabilities/5992

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-07-2017 - 01:29

Objavljeno

23-01-2001 - 05:00