UltraVNC Weak Challenge-Response Authentication Vulnerability

UltraVNC is susceptible to a weak challenge-response authentication vulnerability. This issue is due to the use of insecure encryption during the authentication process of UltraVNC.

Exploiting this issue allows attackers to gain access to the plaintext password used during the UltraVNC authentication process. This will aid them in further attacks.

UltraVNC version 1.0.1 is vulnerable to this issue; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus