CVE: CVE-2001-1422 - CVE-Search

CVE Details for CVE: CVE-2001-1422

Summary

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Timestamps
Last major update	11-07-2017 - 01:29
Published	23-01-2001 - 05:00
Last modified	11-07-2017 - 01:29

References

http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117
http://www.kb.cert.org/vuls/id/303080
http://www.securityfocus.com/bid/2275
https://exchange.xforce.ibmcloud.com/vulnerabilities/5992

Vulnerable Configurations

cpe:2.3:a:att:winvnc:*:*:*:*:*:*:*:*
cpe:2.3:a:att:winvnc:*:*:*:*:*:*:*:*

CAPEC

Click the CAPEC title to display a description

CWE

NVD-CWE-Other

CVSS

Base

7.5

Impact

6.4

Exploitability

10.0

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

CVSS3

None

VIA4 references

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	2275
cert-vn	VU#303080
misc	http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117
xf	vnc-weak-authentication(5992)