返回 CVE 瀏覽器

CVE-2001-1422

HIGH

7.5

CVSS Severity Score

EPSS Score0.0380%

EPSS Percentile6.57th

Published2001年1月23日

Last Modified2026年4月16日

Vulnerability Description

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Affected Platforms (CPE)

📦

Att

Winvnc

<= 3.3.3

References & Advisories

🔗 http://www.kb.cert.org/vuls/id/303080

🔗 http://www.securityfocus.com/bid/2275

🔗 http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/5992

🔗 http://www.kb.cert.org/vuls/id/303080

🔗 http://www.securityfocus.com/bid/2275

🔗 http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/5992

相關漏洞威脅

CVE-2001-016810.0

Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary...

CVE-2001-159410.0

GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polest...

CVE-2000-11649.0

WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which...

CVE-2001-01677.6

Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary...