CVE-2026-7830 (GCVE-0-2026-7830)

Vulnerability from cvelistv5 – Published: 2026-07-01 03:33 – Updated: 2026-07-01 13:13
VLAI
Title
UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception
Summary
UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme (rfbUltraVNC_MsLogonIIAuth). In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer (DH_MAX_BITS controls the prime size). A 64-bit DH key can be broken by Pollard's rho algorithm in under one second on current hardware. Additionally, the private exponent is generated by the rng() function, which multiplies three libc rand() values seeded from time(NULL). With approximately 31 bits of internal state and a time-based seed, the private exponent is recoverable in under a minute by a passive observer. A network attacker who can observe the MS-Logon II handshake (via sniffing, recording, or man-in-the-middle) can derive the shared DH key and decrypt the encapsulated username and password, resulting in full credential disclosure. This affects legacy MS-Logon II connections; MS-Logon III (X25519 + AES-256-GCM) is unaffected.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-326 - Inadequate Encryption Strength
  • CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Assigner
References
URL Tags
https://uvnc.com/ vendor-advisory
https://github.com/ultravnc/UltraVNC product
Impacted products
Vendor Product Version
uvnc UltraVNC Affected: 0 , ≤ 1.8.2.2 (custom)
Create a notification for this product.
Credits
Arjun Basnet, Securin (arjun.basnet@securin.io)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-7830",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T13:13:10.627838Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T13:13:23.590Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "winvnc",
            "ms-logon"
          ],
          "product": "UltraVNC",
          "vendor": "uvnc",
          "versions": [
            {
              "lessThanOrEqual": "1.8.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Arjun Basnet, Securin (arjun.basnet@securin.io)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme (rfbUltraVNC_MsLogonIIAuth). In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer (DH_MAX_BITS controls the prime size). A 64-bit DH key can be broken by Pollard\u0027s rho algorithm in under one second on current hardware. Additionally, the private exponent is generated by the rng() function, which multiplies three libc rand() values seeded from time(NULL). With approximately 31 bits of internal state and a time-based seed, the private exponent is recoverable in under a minute by a passive observer. A network attacker who can observe the MS-Logon II handshake (via sniffing, recording, or man-in-the-middle) can derive the shared DH key and decrypt the encapsulated username and password, resulting in full credential disclosure. This affects legacy MS-Logon II connections; MS-Logon III (X25519 + AES-256-GCM) is unaffected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-326",
              "description": "Inadequate Encryption Strength",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-338",
              "description": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T03:33:24.106Z",
        "orgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
        "shortName": "securin"
      },
      "references": [
        {
          "name": "UltraVNC project page",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://uvnc.com/"
        },
        {
          "name": "UltraVNC source repository",
          "tags": [
            "product"
          ],
          "url": "https://github.com/ultravnc/UltraVNC"
        }
      ],
      "source": {
        "advisory": "Securin Security Advisory \u2014 FINDING-002",
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-06-02T00:00:00.000Z",
          "value": "Vulnerability discovered during security audit"
        },
        {
          "lang": "en",
          "time": "2026-06-17T00:00:00.000Z",
          "value": "Reported to vendor (coordinated disclosure)"
        },
        {
          "lang": "en",
          "time": "2026-09-15T00:00:00.000Z",
          "value": "Planned public disclosure (90-day window)"
        }
      ],
      "title": "UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
    "assignerShortName": "securin",
    "cveId": "CVE-2026-7830",
    "datePublished": "2026-07-01T03:33:24.106Z",
    "dateReserved": "2026-05-05T03:40:59.002Z",
    "dateUpdated": "2026-07-01T13:13:23.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-7830",
      "date": "2026-07-03",
      "epss": "0.00183",
      "percentile": "0.08049"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-7830\",\"sourceIdentifier\":\"33c584b5-0579-4c06-b2a0-8d8329fcab9c\",\"published\":\"2026-07-01T05:16:24.210\",\"lastModified\":\"2026-07-02T15:18:24.550\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme (rfbUltraVNC_MsLogonIIAuth). In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer (DH_MAX_BITS controls the prime size). A 64-bit DH key can be broken by Pollard\u0027s rho algorithm in under one second on current hardware. Additionally, the private exponent is generated by the rng() function, which multiplies three libc rand() values seeded from time(NULL). With approximately 31 bits of internal state and a time-based seed, the private exponent is recoverable in under a minute by a passive observer. A network attacker who can observe the MS-Logon II handshake (via sniffing, recording, or man-in-the-middle) can derive the shared DH key and decrypt the encapsulated username and password, resulting in full credential disclosure. This affects legacy MS-Logon II connections; MS-Logon III (X25519 + AES-256-GCM) is unaffected.\"}],\"affected\":[{\"source\":\"33c584b5-0579-4c06-b2a0-8d8329fcab9c\",\"affectedData\":[{\"vendor\":\"uvnc\",\"product\":\"UltraVNC\",\"defaultStatus\":\"unaffected\",\"modules\":[\"winvnc\",\"ms-logon\"],\"versions\":[{\"version\":\"0\",\"lessThanOrEqual\":\"1.8.2.2\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"33c584b5-0579-4c06-b2a0-8d8329fcab9c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-01T13:13:10.627838Z\",\"id\":\"CVE-2026-7830\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"33c584b5-0579-4c06-b2a0-8d8329fcab9c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-326\"},{\"lang\":\"en\",\"value\":\"CWE-338\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.8.2.2\",\"matchCriteriaId\":\"593F7EC1-0922-4652-817A-7D57A0F1210D\"}]}]}],\"references\":[{\"url\":\"https://github.com/ultravnc/UltraVNC\",\"source\":\"33c584b5-0579-4c06-b2a0-8d8329fcab9c\",\"tags\":[\"Product\"]},{\"url\":\"https://uvnc.com/\",\"source\":\"33c584b5-0579-4c06-b2a0-8d8329fcab9c\",\"tags\":[\"Product\",\"Release Notes\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-7830\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-01T13:13:10.627838Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-01T13:13:18.444Z\"}}], \"cna\": {\"title\": \"UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception\", \"source\": {\"advisory\": \"Securin Security Advisory \\u2014 FINDING-002\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Arjun Basnet, Securin (arjun.basnet@securin.io)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"uvnc\", \"modules\": [\"winvnc\", \"ms-logon\"], \"product\": \"UltraVNC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.8.2.2\"}], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-06-02T00:00:00.000Z\", \"value\": \"Vulnerability discovered during security audit\"}, {\"lang\": \"en\", \"time\": \"2026-06-17T00:00:00.000Z\", \"value\": \"Reported to vendor (coordinated disclosure)\"}, {\"lang\": \"en\", \"time\": \"2026-09-15T00:00:00.000Z\", \"value\": \"Planned public disclosure (90-day window)\"}], \"references\": [{\"url\": \"https://uvnc.com/\", \"name\": \"UltraVNC project page\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/ultravnc/UltraVNC\", \"name\": \"UltraVNC source repository\", \"tags\": [\"product\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme (rfbUltraVNC_MsLogonIIAuth). In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer (DH_MAX_BITS controls the prime size). A 64-bit DH key can be broken by Pollard\u0027s rho algorithm in under one second on current hardware. Additionally, the private exponent is generated by the rng() function, which multiplies three libc rand() values seeded from time(NULL). With approximately 31 bits of internal state and a time-based seed, the private exponent is recoverable in under a minute by a passive observer. A network attacker who can observe the MS-Logon II handshake (via sniffing, recording, or man-in-the-middle) can derive the shared DH key and decrypt the encapsulated username and password, resulting in full credential disclosure. This affects legacy MS-Logon II connections; MS-Logon III (X25519 + AES-256-GCM) is unaffected.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-326\", \"description\": \"Inadequate Encryption Strength\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-338\", \"description\": \"Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)\"}]}], \"providerMetadata\": {\"orgId\": \"33c584b5-0579-4c06-b2a0-8d8329fcab9c\", \"shortName\": \"securin\", \"dateUpdated\": \"2026-07-01T03:33:24.106Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-7830\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-01T13:13:23.590Z\", \"dateReserved\": \"2026-05-05T03:40:59.002Z\", \"assignerOrgId\": \"33c584b5-0579-4c06-b2a0-8d8329fcab9c\", \"datePublished\": \"2026-07-01T03:33:24.106Z\", \"assignerShortName\": \"securin\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…