It's too easy to "decrypt" the VNC password that's in the registry with the VNC password cracking tools that are easy to find. Can the VNC password that's stored on the local system be made to use 1-way encryption and not 2-way?
For example, use MD5 to store the password. If the incoming password is MD5'd and matches the stored MD5 password, then let the user log in.
This is a really bad security problem... especially for people who support lots of computers that use VNC as their only remote-control tool. Otherwise, I think UltraVNC is still the best of the VNC family. Kudos to the developers.
Scott
After more 1 000 000 (one million) views on forum for 1.5.0.x development versions... and 1.6.0.0 version
A new stable version, UltraVNC 1.6.1.0 and UltraVNC SC 1.6.1.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38080
Feedback is welcome
Celebrating the 22th anniversary of the UltraVNC (25th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38031
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
Development: UltraVNC development is always here... Any help is welcome.
A new development version, UltraVNC 1.6.3.0-dev has been released, please test it: https://forum.uvnc.com/viewtopic.php?t=38091
Feedback is welcome
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
A new stable version, UltraVNC 1.6.1.0 and UltraVNC SC 1.6.1.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38080
Feedback is welcome
Celebrating the 22th anniversary of the UltraVNC (25th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38031
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
Development: UltraVNC development is always here... Any help is welcome.
A new development version, UltraVNC 1.6.3.0-dev has been released, please test it: https://forum.uvnc.com/viewtopic.php?t=38091
Feedback is welcome
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
VNC password in the registry is easily crackable--not secure
-
scottcopus
- Posts: 3
- Joined: 2004-11-17 15:28
-
mattice06082
- 200
- Posts: 607
- Joined: 2006-11-30 00:41
- Location: Connecticut, USA
Re: VNC password in the registry is easily crackable--not se
Have you looked at the encryption http:// msrc4plugin.home.comcast.net/?