oss-sec mailing list archives

CVE request: tigervnc


From: Vincent Danen <vdanen () redhat com>
Date: Fri, 6 May 2011 08:39:29 -0600

The vncviewer in tigervnc had X.509 certificate support added in svn
r4200 (currently beta, slated for the 1.1.0 release).  It would prompt
for and send authentication credentials before properly validating the
X.509 certificate, which makes it susceptible to a man-in-the-middle
attack.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=702470
http://www.mail-archive.com/tigervnc-devel@lists.sourceforge.net/msg01342.html
http://www.mail-archive.com/tigervnc-devel@lists.sourceforge.net/msg01347.html

Could a CVE be assigned to this please?  Thanks.

--
Vincent Danen / Red Hat Security Response Team
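
The ordering problem described in the message above, shown as an added Python example that is not part of the original post and is not tigervnc code: the client completes certificate validation before the credential prompt is ever invoked. The `get_credentials` callback, the function names and the wire format are assumptions made for illustration.

```python
import ssl


def verifying_context(cafile=None):
    """Client context that aborts the handshake on an untrusted or mismatched certificate."""
    # create_default_context() sets CERT_REQUIRED and check_hostname=True.
    return ssl.create_default_context(cafile=cafile)


def authenticate(raw_sock, server_hostname, ctx, get_credentials):
    """Validate the server certificate first, then prompt for and send credentials.

    get_credentials is a hypothetical callback standing in for the password
    prompt; it returns (user, password). The wire format below is a
    placeholder, not the VNC protocol.
    """
    # Refuse a context that would complete the handshake without validation.
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise ValueError("TLS context does not validate the peer certificate")

    # wrap_socket() performs the handshake, including chain and hostname
    # validation, and raises ssl.SSLError on failure. Nothing secret has been
    # prompted for or written at this point.
    tls = ctx.wrap_socket(raw_sock, server_hostname=server_hostname)

    # Only a validated peer reaches this line.
    user, password = get_credentials()
    tls.sendall(f"{user}\x00{password}".encode())
    return tls
```

If the handshake fails, the exception propagates before the prompt runs, so an endpoint that cannot present a valid certificate never sees the credentials.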
