PT-2020-6482 · TigerVNC +7

Andreas Stieger · Published 2020-09-27 · Updated 2025-09-15 · CVE-2020-26117

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

TigerVNC versions prior to 1.11.0

Description

TigerVNC mishandles TLS certificate exceptions. When a user adds an exception, the viewers store the certificate as an authority, so the owner of that certificate can impersonate any server once a client has added the exception. This could enable a remote attacker to access and compromise confidential data.

Recommendations

For TigerVNC versions prior to 1.11.0, update to version 1.11.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of TLS certificate exceptions in the viewer until a patch is available. Restrict access to sensitive data and servers to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

ALT-PU-2020-3339
ALT-PU-2020-3345
ALT-PU-2021-1185
ALT-PU-2021-2469
ALT-PU-2024-1936
ALT-PU-2024-3843
ALT-PU-2025-11601
BDU:2021-05229
CESA-2021_1783
CVE-2020-26117
DLA-2396-1
MGASA-2020-0388
OPENSUSE-SU-2020:1666-1
OPENSUSE-SU-2020:1841-1
OPENSUSE-SU-2020_1666-1
OPENSUSE-SU-2020_1841-1
OPENSUSE-SU-2024:10591-1
RHSA-2021:1783
RHSA-2021_1783
RLSA-2021:1783
SUSE-SU-2020:2880-1
SUSE-SU-2020:2881-1
SUSE-SU-2020:2882-1
SUSE-SU-2020:2898-1
SUSE-SU-2020_2880-1
SUSE-SU-2020_2881-1
SUSE-SU-2020_2882-1
SUSE-SU-2020_2898-1
USN-5965-1

Affected Products

ALT Linux
CentOS
Linux Mint
Red Hat
Rocky Linux
SUSE
TigerVNC
Ubuntu