CVE-2011-1775

Name of the Vulnerable Software and Affected Versions TigerVNC version 1.1beta1

Description The issue arises from the CSecurityTLS::processMsg function in the vncviewer component, which fails to properly verify the server's X.509 certificate. This allows man-in-the-middle attackers to spoof a TLS VNC server by using an arbitrary certificate.

Recommendations For TigerVNC version 1.1beta1, as a temporary workaround, consider disabling the TLS connection until a patch is available. Restrict access to the vncviewer component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.