← CVECheck
HomeVulnerabilities

CVE-2001-1422 — HIGH severity vulnerability (WinVNC 3.3.3 and earlier generates the same challenge string)

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

CVE IDCVE-2001-1422
SeverityHIGH
CVSS score7.5
CVSS vectorAV:N/AC:L/Au:N/C:P/I:P/A:P
CWENVD-CWE-Other
StatusModified
Published2001-01-23
Last modified2026-04-16
DescriptionWinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →