UltraVNC Weak Challenge-Response Authentication Vulnerability
BID:17824
Info
| Bugtraq ID: | 17824 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 03 2006 12:00AM |
| Updated: | Jun 21 2006 09:45PM |
| Credit: | Deon Force discovered this vulnerability. |
| Vulnerable: | Ultr@VNC Ultr@VNC 1.0.1 |
| Not Vulnerable: | Ultr@VNC Ultr@VNC 1.0.2 |
Discussion
UltraVNC is susceptible to a weak challenge-response authentication vulnerability. This issue is due to the use of insecure encryption during the authentication process of UltraVNC.
Exploiting this issue allows attackers to gain access to the plaintext password used during the UltraVNC authentication process. This will aid them in further attacks.
UltraVNC version 1.0.1 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
Attackers use standard network-capture software and decryption utilities to exploit this issue.
An updated VNCrackX4 application may be available at the referenced 'www.phenoelit.de' URI; this application can obtain plaintext passwords from captured challenge-response data.
Solution / Fix
Solution:
The vendor has released version 1.0.2 to address this issue. Users are advised to contact the vendor for details on obtaining the appropriate updates.