This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Tightvnc
Product: Tightvnc
Version: 1.2.1
Type: Application
First view: 2002-09-24
Last view: 2003-03-03
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:tightvnc:tightvnc

Activity : Overall

Related : CVE

  Date Alert Description
5 2003-03-03 CVE-2002-1511

The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.

2.1 2002-12-31 CVE-2002-1848

TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords.

7.5 2002-12-11 CVE-2002-1336

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

4.6 2002-09-24 CVE-2002-0971

Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box.

Open Source Vulnerability Database (OSVDB)

id Description
45281 TightVNC WinVNC Properties Dialog Plaintext Password Disclosure
6278 VNC Weak Authentication Cookie
6277 TightVNC / TridiaVNC Win32 Messaging System Command Execution
6276 TightVNC Challenge String Re-use Weakness

Nessus® Vulnerability Scanner

id Description
2004-07-31 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2003-022.nasl - Type: ACT_GATHER_INFO
2004-07-06 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2002-287.nasl - Type: ACT_GATHER_INFO
2004-07-06 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2003-068.nasl - Type: ACT_GATHER_INFO