← CVECheck
HomeVulnerabilities

CVE-2002-1336 — HIGH severity vulnerability (TightVNC before 1.2.6 generates the same challenge string fo)

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

CVE IDCVE-2002-1336
SeverityHIGH
CVSS score7.5
CVSS vectorAV:N/AC:L/Au:N/C:P/I:P/A:P
CWENVD-CWE-Other
StatusModified
Published2002-12-11
Last modified2026-04-16
DescriptionTightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →