TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tightvnc | Tightvnc | 1.2.4 | 1.2.4 |
Tightvnc | Tightvnc | 1.2.0 | 1.2.0 |
Tightvnc | Tightvnc | 1.2.1 | 1.2.1 |
Tightvnc | Tightvnc | 1.2.3 | 1.2.3 |
Tightvnc | Tightvnc | 1.2.5 | 1.2.5 |