Severity by source
CVSS vector (vendor: securin): CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AC:H because the attacker must observe the handshake (sniff/MITM); PR:N/UI:N because no authentication or user interaction is needed; the primary impact is credential confidentiality (C:H), with integrity/availability not directly affected.
Primary rating from vendor (securin).
Description (CVE.org)
UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme (rfbUltraVNC_MsLogonIIAuth). In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer (DH_MAX_BITS controls the prime size). A 64-bit DH key can be broken by Pollard's rho algorithm in under one second on current hardware. Additionally, the private exponent is generated by the rng() function, which multiplies three libc rand() values seeded from time(NULL). With approximately 31 bits of internal state and a time-based seed, the private exponent is recoverable in under a minute by a passive observer. A network attacker who can observe the MS-Logon II handshake (via sniffing, recording, or man-in-the-middle) can derive the shared DH key and decrypt the encapsulated username and password, resulting in full credential disclosure. This affects legacy MS-Logon II connections; MS-Logon III (X25519 + AES-256-GCM) is unaffected.
Analysis (AI-generated)
Credential disclosure in UltraVNC through 1.8.2.2 lets a passive network observer break the MS-Logon II authentication handshake and recover plaintext usernames and passwords. The rfbUltraVNC_MsLogonIIAuth scheme relies on a Diffie-Hellman exchange whose prime fits in an unsigned 64-bit integer and a private exponent derived from time(NULL)-seeded libc rand(), both of which are trivially solvable, so an attacker who sniffs or man-in-the-middles the exchange derives the shared key in seconds to a minute. …
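As an added illustration (not UltraVNC's own code), the block below models the private-exponent generator the description attributes to rng(), three libc rand() values multiplied under a clock-derived seed, next to a hardened replacement drawn from the OS CSPRNG and a parameter-size check of the kind a reviewer would want beside DH_MAX_BITS. The function names, the /dev/urandom source and the 2048-bit minimum are assumptions of this example, not the project's.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Model of the weak generator described in the advisory (added example, not
 * UltraVNC code): three libc rand() values multiplied, seeded from the clock.
 * Whatever the arithmetic does, the result is a pure function of the seed, so
 * the exponent carries no more entropy than the seed and its ~31-bit state. */
uint64_t weak_private_exponent(unsigned seed) {
    srand(seed);
    uint64_t a = (uint64_t)rand();
    uint64_t b = (uint64_t)rand();
    uint64_t c = (uint64_t)rand();
    return a * b * c;               /* unsigned wrap-around is well defined */
}

/* Hardened replacement: draw the exponent from the OS CSPRNG (assumed source:
 * /dev/urandom). 32 bytes (256 bits) is ample for a 2048-bit group.
 * Returns 0 on success, -1 if the entropy source is unavailable. */
int strong_private_exponent(uint8_t *out, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(out, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* A prime that fits in 64 bits falls to generic discrete-log methods; 2048
 * bits is the commonly cited minimum for finite-field DH (assumed threshold). */
int dh_prime_bits_acceptable(unsigned bits) {
    return bits >= 2048;
}

/* Two CSPRNG draws must differ; two seeded draws with one seed never do.
 * Returns 1 if they differ, 0 if equal, -1 if the source failed. */
int strong_exponents_differ(void) {
    uint8_t a[32], b[32];
    if (strong_private_exponent(a, sizeof a) != 0) return -1;
    if (strong_private_exponent(b, sizeof b) != 0) return -1;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void) {
    unsigned seed = (unsigned)time(NULL);   /* what the weak scheme seeds from */
    printf("weak exponent for this second: 0x%016llx, reproducible: %d\n",
           (unsigned long long)weak_private_exponent(seed),
           weak_private_exponent(seed) == weak_private_exponent(seed));
    printf("64-bit prime acceptable: %d, CSPRNG draws differ: %d\n",
           dh_prime_bits_acceptable(64), strong_exponents_differ());
    return 0;
}
```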
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires the target connection to use the legacy MS-Logon II authentication scheme (rfbUltraVNC_MsLogonIIAuth); connections using MS-Logon III (X25519 + AES-256-GCM) are immune. … |
| Risk Assessment | This is a genuine credential-exposure risk for environments still using legacy MS-Logon II, but exploitability is gated by network position rather than being drive-by remote. … |
| Exploit Scenario | An attacker on the same LAN segment as a VNC client and server (or positioned on-path via ARP spoofing) passively records the MS-Logon II handshake. They solve the 64-bit Diffie-Hellman exchange with Pollard's rho and recover the time-seeded private exponent by brute force within a minute, reconstruct the shared key, and decrypt the encapsulated username and password to obtain the operator's credentials. … |
| Remediation | No vendor-released patch version is identified at time of analysis (the references point to the vendor homepage https://uvnc.com/ and the repository https://github.com/ultravnc/UltraVNC, not to a tagged fixed release), so confirm the current fixed build directly with UltraVNC before relying on an upgrade. … |
Recommended Action (AI-generated)
Within 24 hours: inventory all UltraVNC deployments and versions in use; assess exposure to untrusted networks. …
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allow
UltraVNC versions up to 1.6.4.0 suffer from an uncontrolled search path vulnerability in version.dll loaded by the Servi
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allow
Remote code execution in the UltraVNC repeater (through version 1.8.2.2) allows an unauthenticated attacker who can reac
Authentication via hardcoded default credentials in UltraVNC repeater through 1.8.2.2 lets any remote attacker who can r
Remote code execution in the UltraVNC Viewer (all versions through 1.8.2.2) stems from an integer overflow in the RFB fa
Denial of service in the UltraVNC viewer (vncviewer) through 1.8.2.2 arises from an off-by-one stack buffer overflow in
Remote code execution in the UltraVNC Repeater (through version 1.8.2.2) allows an authenticated administrator to corrup
Out-of-bounds read in UltraVNC through version 1.8.2.2 allows network-authenticated attackers to potentially crash the V
UltraVNC through 1.8.2.2 exposes a cryptographically weak VNC authentication challenge generator that an attacker can pr
Heap buffer overflow in UltraVNC Repeater through 1.8.2.2 stems from an integer overflow in the HTTP request logging fun
UltraVNC Repeater through 1.8.2.2 harbors a latent off-by-one stack buffer boundary condition in its HTTP Basic authenti
Same weakness: CWE-326 – Inadequate Encryption Strength
Same technique: Information Disclosure
Related identifiers: EUVD-2026-40882, GHSA-gf4x-6rw3-q4x6