CVE-2001-1422

critical

Description

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/5992

http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117

http://www.securityfocus.com/bid/2275

http://www.kb.cert.org/vuls/id/303080

Details

Source: Mitre, NVD

Published: 2001-01-23

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.01028