CVE-2002-1336: Tightvnc vulnerability

6 documents, 6 sources

Severity: 7.5 HIGH (NVD)
EPSS: 1.1% (top 22.21%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 11
Latest update: Apr 30

Description

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (3 packages)

debian: debian/tightvnc < tightvnc 1.2.6-1 (bookworm)
Debian: tightvnc/tightvnc < 1.2.6-1 (+3)
NVD: tightvnc/tightvnc, 5 versions (+4)

🔴 Vulnerability Details (2)

GHSA: GHSA-fcjm-23wr-m9g6: TightVNC before 1 (2022-04-30)
OSV: CVE-2002-1336: TightVNC before 1 (2002-12-11)

📋 Vendor Advisories (2)

Red Hat: security flaw (2002-07-26)
Debian: CVE-2002-1336: tightvnc - TightVNC before 1.2.6 generates the same challenge string for multiple connectio... (2002)

💬 Community (1)

Bugzilla: CVE-2002-1336 security flaw (2018-08-16)