The SecurityFocus vulnerabilities
list has two entries, at
http://www.securityfocus.com/archive/1/432861
and
http://www.securityfocus.com/bid/17824/info
that point to a weakness in how MS Logon (I and II)
authentication challenge response is crafted.
While the first article mentions that one workaround
is to use the DSM/MSRC4 plugin, are there other
plans to address this? I've been looking at
UVNC (especially SC and SCIII) as options for
helpdesk support, but need the solution to be
secure end-to-end.
Thanks in advance!
After more 1 000 000 (one million) views on forum for 1.5.0.x development versions... and 1.6.1.0, 1.6.3.0-dev versions
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is welcome
Celebrating the 22th anniversary of the UltraVNC (25th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38031
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
Development: UltraVNC development is always here... Any help is welcome.
Feedback is welcome
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is welcome
Celebrating the 22th anniversary of the UltraVNC (25th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38031
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
Development: UltraVNC development is always here... Any help is welcome.
Feedback is welcome
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
MS LOGON I/II password vuln / Using Encryption
An alternative solution is in the works.
However, this will not be compatible with the current MS-Logon implementation.
I.e. you will need both vncviewer and winvnc replaced with the new version.
The viewer will still be able to connect to and old server, but with the weak protocol.
If you need a secure solution, you should definitely consider using either the encryption plugin or tunneling via SSH.
However, this will not be compatible with the current MS-Logon implementation.
I.e. you will need both vncviewer and winvnc replaced with the new version.
The viewer will still be able to connect to and old server, but with the weak protocol.
If you need a secure solution, you should definitely consider using either the encryption plugin or tunneling via SSH.