CVE-2002-1336

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640
http://marc.info/?l=bugtraq&m=102753170201524&w=2
http://marc.info/?l=bugtraq&m=102769183913594&w=2
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022
http://www.redhat.com/support/errata/RHSA-2002-287.html
http://www.redhat.com/support/errata/RHSA-2003-041.html
http://www.securityfocus.com/bid/5296
http://www.tightvnc.com/WhatsNew.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/5992

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:tightvnc:tightvnc:1.2.0:::::::*
	cpe:2.3:a:tightvnc:tightvnc:1.2.1:::::::*
	cpe:2.3:a:tightvnc:tightvnc:1.2.3:::::::*
	cpe:2.3:a:tightvnc:tightvnc:1.2.4:::::::*
	cpe:2.3:a:tightvnc:tightvnc:1.2.5:::::::*

History

No history.

Information

Published : 2002-12-11 05:00

Updated : 2023-12-10 10:17

NVD link : CVE-2002-1336

Mitre link : CVE-2002-1336

CVE.ORG link : CVE-2002-1336

JSON object : View

Products Affected

tightvnc

tightvnc

CWE

NVD-CWE-Other

{"id": "CVE-2002-1336", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-12-11T05:00:00.000", "references": [{"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=102753170201524&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=102769183913594&w=2", "source": "cve@mitre.org"}, {"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-287.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-041.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5296", "source": "cve@mitre.org"}, {"url": "http://www.tightvnc.com/WhatsNew.txt", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5992", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users."}, {"lang": "es", "value": "TightVNC anterior a 1.2.6 genera la misma cadena de desaf\u00edo a m\u00faltiples conexiones, lo que permite a atacantes remotos evitar la autenticaci\u00f3n VNC espiando el desafio y la respuesta de otros usuarios."}], "lastModified": "2017-10-10T01:30:11.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2F4EE57-DA68-4438-A401-BAC82B7242D2"}, {"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9E11A57-016E-4720-A266-A53743629CD8"}, {"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF990CCF-70BE-46F6-9360-ECC39B6D6F3B"}, {"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0274E35A-ACAB-43F5-A4F3-383CA9EEA1CC"}, {"criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FD5B03E-D897-4A06-A3EF-62B13B46B7EF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}