Vulnerability Note VU#303080

AT&T WinVNC client authentication process vulnerable to man-in-the-middle attack

Original Release date: 13 Jun 2001 | Last revised: 18 Jun 2001

Overview

WinVNC's challenge/response mechanism can allow an intruder to obtain legitimate credentials from a valid client in order to gain unauthorized access to the server.

Description

AT&T WinVNC is a free package available from AT&T Labs Cambridge that allows an existing desktop of a PC to be available on the desktop of a remote host. If an intruder is able to eavesdrop traffic between the client and server with the ability to modify the data, they can gain access to the target system desktop, allowing local access to the system.

Impact

This vulnerability could allow a remote attacker to gain unauthorized access to the WinVNC service.

Solution

Tunnel WinVNC through software which provides strong authentication and secure communication. There is an example of this at http://www.uk.research.att.com/vnc/sshvnc.html.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
ATTAffected-14 Jun 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Our thanks to CORE SDI for the information contained in their bulletin.

This document was written by Ian A. Finlay.

Other Information

  • CVE IDs: Unknown
  • Date Public: 23 Jan 2001
  • Date First Published: 13 Jun 2001
  • Date Last Updated: 18 Jun 2001
  • Severity Metric: 3.95
  • Document Revision: 34

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.