qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qemu | Qemu | * | 0.11.0 (including) |
| Qemu | Qemu | 0.1.0 (including) | 0.1.0 (including) |
| Qemu | Qemu | 0.1.1 (including) | 0.1.1 (including) |
| Qemu | Qemu | 0.1.2 (including) | 0.1.2 (including) |
| Qemu | Qemu | 0.1.3 (including) | 0.1.3 (including) |
| Qemu | Qemu | 0.1.4 (including) | 0.1.4 (including) |
| Qemu | Qemu | 0.1.5 (including) | 0.1.5 (including) |
| Qemu | Qemu | 0.1.6 (including) | 0.1.6 (including) |
| Qemu | Qemu | 0.10.0 (including) | 0.10.0 (including) |
| Qemu | Qemu | 0.10.1 (including) | 0.10.1 (including) |
| Qemu | Qemu | 0.10.2 (including) | 0.10.2 (including) |
| Qemu | Qemu | 0.10.3 (including) | 0.10.3 (including) |
| Qemu | Qemu | 0.10.4 (including) | 0.10.4 (including) |
| Qemu | Qemu | 0.10.5 (including) | 0.10.5 (including) |
| Qemu | Qemu | 0.10.6 (including) | 0.10.6 (including) |
| Qemu | Qemu | 0.11.0-rc0 (including) | 0.11.0-rc0 (including) |
| Qemu | Qemu | 0.11.0-rc1 (including) | 0.11.0-rc1 (including) |
| Red Hat Enterprise Linux 6 | RedHat | qemu-kvm-2:0.12.1.2-2.113.el6_0.8 | * |
| Qemu-kvm | Ubuntu | karmic | * |
| Qemu-kvm | Ubuntu | lucid | * |
| Qemu-kvm | Ubuntu | maverick | * |
| Qemu-kvm | Ubuntu | upstream | * |