CVE-2002-0994
Description
SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- cpe:2.3:a:sun:sun_pci_ii_driver:2.3:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
Root cause
"The VNC authentication scheme uses a weak method for generating encryption keys, allowing attackers to recover the password by sniffing network traffic."
Attack vector
An attacker with the ability to sniff unencrypted network traffic can capture the random byte challenge used during the VNC authentication process. This challenge is used to derive the encryption key, allowing the attacker to recover the plaintext password. Exploitation is not possible if the network traffic is encrypted with an additional secure layer, such as SSL [ref_id=1].
Affected code
The vulnerability lies within the authentication scheme of the VNC client and server software included in version 2.3 of the SunPCi Driver Software [ref_id=1]. The C code provided in [ref_id=1] includes a function `vncDecryptPasswd`, which takes a response and a key (derived from the sniffed challenge) and recovers the password.
What the fix does
The advisory does not specify a patch or provide details on how the vulnerability is fixed. Remediation guidance suggests that exploitation is not possible if network traffic is encrypted with an additional secure layer, such as SSL [ref_id=1].
Preconditions
- network: The attacker must be able to sniff unencrypted network traffic between the VNC client and server.
- config: The VNC connection must not be protected by an additional secure layer like SSL.
Reproduction
The provided C code in [ref_id=1] can be used to decrypt the VNC password if the attacker has captured the network challenge and response.
Generated on Jun 5, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.securityfocus.com/bid/5146 (nvd; Exploit, Vendor Advisory)
- www.iss.net/security_center/static/9476.php (nvd; Vendor Advisory)
- archives.neohapsis.com/archives/vulnwatch/2002-q3/0003.html (nvd)