libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
References
Configurations
History
12 Feb 2023, 23:22
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2016-07-13 15:59
Updated : 2023-12-10 11:46
NVD link : CVE-2016-5008
Mitre link : CVE-2016-5008
CVE.ORG link : CVE-2016-5008
JSON object : View
Products Affected
debian
- debian_linux
redhat
- libvirt
CWE
CWE-284
Improper Access Control