CVE-2006-2206 — Ultravnc vulnerability

2 documents2 sources

Severity

10.0CRITICALNVD

EPSS

0.8%

top 26.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ultravnc

Timeline

PublishedMay 5

Latest updateMay 1

Description

The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDultravnc/ultravnc1.0.1

🔴Vulnerability Details

GHSA

GHSA-7p8q-42p8-hwxr: The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1↗2022-05-01

▶