CVE-2002-1336

N/A Unknown

Published: December 11, 2002 Modified: April 16, 2026

Description

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=102753170201524&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=102769183913594&w=2

Source: cve@mitre.org

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2002-287.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2003-041.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/5296

Source: cve@mitre.org

http://www.tightvnc.com/WhatsNew.txt

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/5992

Source: cve@mitre.org

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640