TightVNC prior to 1.2.6 generates the same challenge string for multiple connections, which allows remote malicious users to bypass VNC authentication by sniffing the challenge and response of other users.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tightvnc tightvnc 1.2.4 |
||
tightvnc tightvnc 1.2.5 |
||
tightvnc tightvnc 1.2.1 |
||
tightvnc tightvnc 1.2.3 |
||
tightvnc tightvnc 1.2.0 |