CVE-2006-2206

Name of the Vulnerable Software and Affected Versions UltraVNC version 1.0.1

Description The issue concerns the MS-Logon authentication scheme in UltraVNC, which utilizes weak encryption (XOR) for challenge/response. This weakness allows remote attackers to gain privileges by sniffing and decrypting passwords.

Recommendations For UltraVNC version 1.0.1, consider disabling the MS-Logon authentication scheme until a patch or secure alternative is available. Restrict access to sensitive resources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.