CVE-2002-1336
EPSS 1.1%
Description
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
How to fix CVE-2002-1336
To remediate CVE-2002-1336, upgrade the affected package to a fixed version listed below.
- Debian/tightvnc: upgrade to 1.2.6-1 or later
Is CVE-2002-1336 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Versions from 0 up to, but not including, 1.2.6-1