CVE-2001-1422

Published: Jan 23, 2001Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Affected (1)

Products: Att: Winvnc

Att

1 product

Winvnc

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Att Winvnc	Up to 3.3.3

References (8)

http://www.kb.cert.org/vuls/id/303080

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/2275

Source: cve@mitre.org

Vendor Advisory

http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/5992

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/303080

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/2275

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/5992

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.