Vulnerability Details CVE-2006-2206
The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.7%
CVSS Severity
CVSS v2 Score 10.0
References
- http://archives.neohapsis.com/archives/bugtraq/2006-05/0057.html
- http://www.securityfocus.com/bid/17824
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26283
- http://archives.neohapsis.com/archives/bugtraq/2006-05/0057.html
- http://www.securityfocus.com/bid/17824
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26283