PT-2003-1244 · Tightvnc · Vncserver
Published
2003-03-03
·
Updated
2008-09-10
·
CVE-2002-1511
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
vncserver versions prior to 3.3.3r2-21
Description
The issue is related to the use of the rand() function instead of srand() in the vncserver wrapper, resulting in the generation of weak cookies.
Recommendations
For versions prior to 3.3.3r2-21, update to version 3.3.3r2-21 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Vncserver