CVE-2019-17662
N/A
N/A
Summary
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://redteamzone.com/ThinVNC/
- https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py
- https://github.com/bewest/thinvnc/issues/5
- http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html
References
- https://redteamzone.com/ThinVNC/
- https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py
- https://github.com/bewest/thinvnc/issues/5
- http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.