CyberSec.Space Logo
CVEブラウザに戻る

CVE-2001-1422

HIGH
7.5
CVSS Severity Score
EPSS Score0.0380%
EPSS Percentile6.57th
Published2001年1月23日
Last Modified2026年4月16日

Vulnerability Description

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Affected Platforms (CPE)

📦
Att

Winvnc

<= 3.3.3

References & Advisories

🔗 http://www.kb.cert.org/vuls/id/303080
🔗 http://www.securityfocus.com/bid/2275
🔗 http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/5992
🔗 http://www.kb.cert.org/vuls/id/303080
🔗 http://www.securityfocus.com/bid/2275
🔗 http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/5992

関連する脆弱性情報

CVE-2001-016810.0

Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary...

CVE-2001-159410.0

GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polest...

CVE-2000-11649.0

WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which...

CVE-2001-01677.6

Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary...