DescriptionTightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
SUSE Timeline for this CVECVE page created: Fri Jun 28 00:37:38 2013
CVE page last modified: Fri Oct 7 12:45:26 2022