UltraVNC Weak Challenge-Response Authentication Vulnerability

Attackers use standard network-capture software and decryption utilities to exploit this issue.

An updated VNCrackX4 application may be available at the referenced 'www.phenoelit.de' URI; this application can obtain plaintext passwords from captured challenge-response data.


 

Privacy Statement
Copyright 2010, SecurityFocus