CVE Vulnerabilities

CVE-2011-0011

Improper Authentication

Published: Jun 21, 2012 | Modified: Nov 02, 2020
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:A/AC:H/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Qemu Qemu 0.1.6 0.1.6
Qemu Qemu 0.10.3 0.10.3
Qemu Qemu 0.1.5 0.1.5
Qemu Qemu 0.11.0 0.11.0
Qemu Qemu 0.10.1 0.10.1
Qemu Qemu 0.1.3 0.1.3
Qemu Qemu * 0.11.0
Qemu Qemu 0.10.0 0.10.0
Qemu Qemu 0.1.1 0.1.1
Qemu Qemu 0.11.0 0.11.0
Qemu Qemu 0.1.4 0.1.4
Qemu Qemu 0.10.6 0.10.6
Qemu Qemu 0.1.2 0.1.2
Qemu Qemu 0.10.5 0.10.5
Qemu Qemu 0.10.4 0.10.4
Qemu Qemu 0.10.2 0.10.2
Qemu Qemu 0.1.0 0.1.0

Potential Mitigations

References