CVE-2002-0994

SunPCi II VNC - Weak Authentication Scheme

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0994. PoCs published by Richard van den Berg.

AI-analyzed exploit summary This exploit is a password decoder for the SunPCi II VNC authentication scheme, which suffers from a weak authentication mechanism allowing password disclosure via network sniffing. It decrypts sniffed challenge-response pairs to recover plaintext passwords.

Description

SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Richard van den Berg · clocalunix

https://www.exploit-db.com/exploits/21592

View Code ZIP pw:eip

This exploit is a password decoder for the SunPCi II VNC authentication scheme, which suffers from a weak authentication mechanism allowing password disclosure via network sniffing. It decrypts sniffed challenge-response pairs to recover plaintext passwords.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: SunPCi II Driver Software (VNC client/server) version 2.3 and later

No auth needed

Prerequisites: Sniffed network traffic containing VNC challenge-response pairs

MITRE ATT&CK

T1557 - Adversary-in-the-Middle T1003 - OS Credential Dumping

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/9476.php

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5146

Third Party Advisory mailing-list x_refsource_vulnwatch

http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0003.html

Scores

EPSS 0.0289

EPSS Percentile 85.1%

Details

Status published

Products (1)

sun/sun_pci_ii_driver 2.3

Published Oct 04, 2002

Tracked Since Feb 18, 2026