{"vuid":"VU#303080","idnumber":"303080","name":"AT&T WinVNC client authentication process vulnerable to man-in-the-middle attack","keywords":["AT&T","WinVNC","VNC"],"overview":"WinVNC's challenge/response mechanism can allow an intruder to obtain legitimate credentials from a valid client in order to gain unauthorized access to the server.","clean_desc":"AT&T WinVNC is a free package available from AT&T Labs Cambridge that allows an existing desktop of a PC to be available on the desktop of a remote host. If an intruder is able to eavesdrop traffic between the client and server with the ability to modify the data, they can gain access to the target system desktop, allowing local access to the system.","impact":"This vulnerability could allow a remote attacker to gain unauthorized access to the WinVNC service.","resolution":"","workarounds":"Tunnel WinVNC through software which provides strong authentication and secure communication. There is an example of this at http://www.uk.research.att.com/vnc/sshvnc.html.","sysaffected":"","thanks":"Our thanks to CORE SDI for the information contained in their bulletin.","author":"This document was written by Ian A. Finlay.","public":["http://www.securityfocus.com/bid/2275","   http://www.uk.research.att.com/vnc/","   http://www.uk.research.att.com/vnc/sshvnc.html","   http://www.core-sdi.com/advisories/att_vnc.htm"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-01-26T01:16:37Z","publicdate":"2001-01-23T00:00:00Z","datefirstpublished":"2001-06-13T13:27:45Z","dateupdated":"2001-06-18T23:41:48Z","revision":34,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"9","cam_impact":"13","cam_easeofexploitation":"6","cam_attackeraccessrequired":"20","cam_scorecurrent":"3.94875","cam_scorecurrentwidelyknown":"5.265","cam_scorecurrentwidelyknownexploited":"10.53","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.94875,"vulnote":null}