Ello,
I'd like a recommend a security enhancement. I know that UltraVNC used the store the default VNC password in clear text in the registry. This allows a bad admin or program to scavenge the passwords if it happens to to have access to the registry key.
I propose that we should store the default password in a one way seeded hash. This way if a registry entry is left insecure (default installation) even is the entry is read, the default password is not known.
After more 1 000 000 (one million) views on forum for 1.5.0.x development versions... and 1.6.0.0 version
A new stable version, UltraVNC 1.6.1.0 and UltraVNC SC 1.6.1.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38080
Celebrating the 22th anniversary of the UltraVNC (25th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38031
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
Development: UltraVNC development is always here... Any help is welcome.
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
A new stable version, UltraVNC 1.6.1.0 and UltraVNC SC 1.6.1.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38080
Celebrating the 22th anniversary of the UltraVNC (25th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38031
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
Development: UltraVNC development is always here... Any help is welcome.
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Hashed deault password
-
Rudi De Vos
- Admin & Developer
- Posts: 6937
- Joined: 2004-04-23 10:21
- Contact:
Re: Hashed deault password
There is no default password, the initial password has a random value.
The password is saved the ultravnc.ini file with some weak des encryptionn, we don't use the registry.
The password is encrypted with some weak des encryption as the server need to be able to decrypt.
The password is saved the ultravnc.ini file with some weak des encryptionn, we don't use the registry.
The password is encrypted with some weak des encryption as the server need to be able to decrypt.
UltraVNC links (join us on social networks):
- Website: https://uvnc.com/
- Forum: https://forum.uvnc.com/
- GitHub sourcecode: https://github.com/ultravnc/UltraVNC
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
- uvnc2me: https://uvnc2me.com/
- Website: https://uvnc.com/
- Forum: https://forum.uvnc.com/
- GitHub sourcecode: https://github.com/ultravnc/UltraVNC
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
- uvnc2me: https://uvnc2me.com/