CVE-2002-1336 Information

Description

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Reference

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640
http://marc.info/?l=bugtraq&m=102753170201524&w=2
http://marc.info/?l=bugtraq&m=102769183913594&w=2
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022
http://www.redhat.com/support/errata/RHSA-2002-287.html
http://www.redhat.com/support/errata/RHSA-2003-041.html
http://www.securityfocus.com/bid/5296
http://www.tightvnc.com/WhatsNew.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/5992
