CVE-2026-7830
Received Received - Intake

Weak DH Key Exchange in UltraVNC MS-Logon II

Vulnerability report for CVE-2026-7830, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: securin

Description

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme (rfbUltraVNC_MsLogonIIAuth). In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer (DH_MAX_BITS controls the prime size). A 64-bit DH key can be broken by Pollard's rho algorithm in under one second on current hardware. Additionally, the private exponent is generated by the rng() function, which multiplies three libc rand() values seeded from time(NULL). With approximately 31 bits of internal state and a time-based seed, the private exponent is recoverable in under a minute by a passive observer. A network attacker who can observe the MS-Logon II handshake (via sniffing, recording, or man-in-the-middle) can derive the shared DH key and decrypt the encapsulated username and password, resulting in full credential disclosure. This affects legacy MS-Logon II connections; MS-Logon III (X25519 + AES-256-GCM) is unaffected.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-01
Last Modified
2026-07-01
Generated
2026-07-01
AI Q&A
2026-07-01
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
ultravnc ultravnc 1.8.2.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-338 The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
CWE-326 The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects UltraVNC versions through 1.8.2.2 in the MS-Logon II authentication scheme. The issue lies in the use of inadequate cryptography during the Diffie-Hellman key exchange, which uses a 64-bit prime size that is too small and can be broken very quickly with current hardware.

Additionally, the private exponent used in the key exchange is generated using a weak random number generator seeded by the current time, making it possible for an attacker to recover the private exponent in under a minute by passively observing the handshake.

As a result, a network attacker who can observe the MS-Logon II handshake can derive the shared Diffie-Hellman key and decrypt the encapsulated username and password, leading to full credential disclosure. This vulnerability only affects legacy MS-Logon II connections; newer MS-Logon III connections are not affected.

Impact Analysis

This vulnerability can lead to full credential disclosure if an attacker is able to observe the MS-Logon II handshake over the network. The attacker can decrypt the username and password transmitted during authentication.

Such credential compromise can allow unauthorized access to systems using UltraVNC with the affected authentication scheme, potentially leading to further unauthorized actions or data breaches.

Mitigation Strategies

The vulnerability affects UltraVNC versions through 1.8.2.2 using the MS-Logon II authentication scheme, which employs weak cryptography allowing credential disclosure.

To mitigate this vulnerability immediately, avoid using the legacy MS-Logon II authentication scheme.

Instead, use the MS-Logon III authentication scheme, which uses stronger cryptography (X25519 + AES-256-GCM) and is not affected by this issue.

Compliance Impact

This vulnerability allows a network attacker to derive the shared Diffie-Hellman key and decrypt encapsulated usernames and passwords during the MS-Logon II handshake. This results in full credential disclosure, which compromises the confidentiality and integrity of user authentication data.

Such a compromise of sensitive authentication credentials can lead to violations of common data protection standards and regulations like GDPR and HIPAA, which require the protection of personal and sensitive information against unauthorized access and disclosure.

Therefore, systems using UltraVNC versions up to 1.8.2.2 with MS-Logon II authentication may fail to meet compliance requirements related to secure authentication and data confidentiality.

Detection Guidance

This vulnerability involves the MS-Logon II authentication scheme in UltraVNC versions through 1.8.2.2, where weak Diffie-Hellman parameters and predictable random number generation allow credential disclosure by observing the handshake.

To detect this vulnerability on your network or system, you should identify UltraVNC servers or clients using the affected versions and check if they are using the legacy MS-Logon II authentication method.

Commands to help detect UltraVNC services on your network might include scanning for open VNC ports (default 5900) and identifying UltraVNC banners or version strings.

  • Use nmap to scan for VNC services: nmap -p 5900 --script vnc-info <target-ip>
  • Check running processes on Windows systems for UltraVNC server or viewer: tasklist | findstr ultravnc
  • Inspect network traffic for MS-Logon II handshakes by capturing packets on port 5900 using Wireshark or tcpdump: tcpdump -i <interface> port 5900 -w capture.pcap

Note that detecting the use of MS-Logon II specifically may require deeper protocol analysis or inspecting configuration files of UltraVNC installations to confirm the authentication method.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7830. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart