CVE-2002-1336 | Vulnerability Database | Aqua Security

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Affected Software

Name	Vendor	Start Version	End Version
Tightvnc	Tightvnc	1.2.0 (including)	1.2.0 (including)
Tightvnc	Tightvnc	1.2.1 (including)	1.2.1 (including)
Tightvnc	Tightvnc	1.2.3 (including)	1.2.3 (including)
Tightvnc	Tightvnc	1.2.4 (including)	1.2.4 (including)
Tightvnc	Tightvnc	1.2.5 (including)	1.2.5 (including)
Red Hat Enterprise Linux AS (Advanced Server) version 2.1	RedHat		*
Red Hat Linux 7.0	RedHat		*
Red Hat Linux 7.1	RedHat		*
Red Hat Linux 7.2	RedHat		*
Red Hat Linux 7.3	RedHat		*
Red Hat Linux 8.0	RedHat		*

References

http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000640
http://marc.info/?l=bugtraq\u0026m=102753170201524\u0026w=2
http://marc.info/?l=bugtraq\u0026m=102769183913594\u0026w=2
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022
http://www.redhat.com/support/errata/RHSA-2002-287.html
http://www.redhat.com/support/errata/RHSA-2003-041.html
http://www.securityfocus.com/bid/5296
http://www.tightvnc.com/WhatsNew.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/5992
http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000640
http://marc.info/?l=bugtraq\u0026m=102753170201524\u0026w=2
http://marc.info/?l=bugtraq\u0026m=102769183913594\u0026w=2
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022
http://www.redhat.com/support/errata/RHSA-2002-287.html
http://www.redhat.com/support/errata/RHSA-2003-041.html
http://www.securityfocus.com/bid/5296
http://www.tightvnc.com/WhatsNew.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/5992

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-1336
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html