Unrated severityNVD Advisory· Published Jan 23, 2001· Updated Apr 16, 2026

CVE-2001-1422

Description

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Affected products

Att/Winvnc
cpe:2.3:a:att:winvnc:*:*:*:*:*:*:*:*
Range: <=3.3.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/303080nvdThird Party AdvisoryUS Government Resource
www.securityfocus.com/bid/2275nvdVendor Advisory
www1.corest.com/common/showdoc.phpnvdVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/5992nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000