Weak Random Number Generation in UltraVNC by UltraVNC
CVE-2026-44040
4.8 MEDIUM
What is CVE-2026-44040?
UltraVNC versions up to and including 1.8.2.2 generate the VNC authentication challenge bytes with a weak pseudo-random number generator. The vncRandomBytes() function seeds the generator from easily predictable values, including the current time and the process ID, which confines the seed space to roughly 31 bits. An attacker who can observe the authentication exchange can therefore enumerate the seed and reproduce the generated challenge within a few seconds, enabling forgery or offline brute-forcing of authentication responses. Whether the Windows binaries are affected in the same way is still under investigation, because they use different code paths.
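As an added illustration (not UltraVNC's own code; the exact seeding expression `time() ^ getpid()` and the 16-byte challenge size are assumptions), the weak time-and-PID-seeded construction next to a CSPRNG-backed replacement, plus a helper that sizes a seed space in bits:

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#define CHALLENGE_LEN 16   /* assumed: RFB VNC-auth challenge is 16 bytes */

/* Weak construction: once the 32-bit seed is fixed, every byte follows. */
static void weak_fill(uint32_t seed, uint8_t *out, size_t n) {
    srand(seed);
    for (size_t i = 0; i < n; i++) out[i] = (uint8_t)(rand() & 0xff);
}

/* Assumed seeding: time XOR pid; both are observable or narrowly bounded. */
void weak_challenge(uint8_t out[CHALLENGE_LEN]) {
    weak_fill((uint32_t)time(NULL) ^ (uint32_t)getpid(), out, CHALLENGE_LEN);
}

/* Hardened: read the challenge straight from the OS CSPRNG; no seed exists. */
int secure_challenge(uint8_t out[CHALLENGE_LEN]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(out, 1, CHALLENGE_LEN, f);
    fclose(f);
    return got == CHALLENGE_LEN ? 0 : -1;
}

/* Bits needed to cover `combos` distinct seed inputs (ceil of log2). A window
 * of plausible timestamps times a PID range lands near the ~31 bits cited. */
unsigned seed_space_bits(uint64_t combos) {
    unsigned b = 0;
    while (b < 64 && (1ULL << b) < combos) b++;
    return b;
}

/* 1 if the same seed reproduces the same challenge (the weakness itself). */
int weak_is_deterministic(uint32_t seed) {
    uint8_t a[CHALLENGE_LEN], b[CHALLENGE_LEN];
    weak_fill(seed, a, CHALLENGE_LEN);
    weak_fill(seed, b, CHALLENGE_LEN);
    return memcmp(a, b, CHALLENGE_LEN) == 0;
}

/* 1 if two CSPRNG challenges both succeed and differ (collision odds 2^-128). */
int secure_is_fresh(void) {
    uint8_t a[CHALLENGE_LEN], b[CHALLENGE_LEN];
    if (secure_challenge(a) || secure_challenge(b)) return 0;
    return memcmp(a, b, CHALLENGE_LEN) != 0;
}
```

Detection-wise, a server whose challenges repeat across connections started in the same second is the observable symptom of the weak path; the hardened version never produces a repeat in practice.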
Affected Version(s)
UltraVNC: all versions up to and including 1.8.2.2
