UltraVNC 1.4.0.9 - Feedbacks

[lwc]

Thanks! Can you add an online generator for me to try (uploadX.pl)?

Anyway, I don't understand something. After the end user enters the ID, a small question asks for it again (in a text I can't change), why does the end user have to write it manually twice?
It doesn't seem to matter at all what I put in the first screen. Only the second one matters:
=>

Also, why does it warn me (which doesn't happen in non-repeater mode)?


Moreover, do I need to also add [DIS_UAC] to helpdesk.ini?

In addition, If I want it secured, should it be -secureplugin -autoreconnect ID:[ENTERCODE] -repeater support2.uvnc.com:5500 ?


Last but not least, why is it hardcoded to the word Connect? Why can't I translate it?

[Rudi De Vos]

You"r correct, some things need to be removed for SC.

Integrating it in winvnc was a hell of a job, it still need some fine tuning.
You are actual the first that give me usual information back, thanks

I will check it.

[Rudi De Vos]

SC20 based on 1.4.0.11
https://uvnc.eu/download/1400/winvnc_SC20_14011.zip

*Extra window to ask for the id for a second time not needed, code modified

*Connect button could be translated
Added more samples to helpdesk.txt file, was already in the code, not in sample

*Accept without autentocation, this is a viewer option
tab security
[v] Only servers with passwords <<<<uncheck

[lwc]

Thanks! But this link gives a 404 message. Can you give a usual online generator instead?

About "Accept without authentication", why is there no warning in direct (i.e. no-repeater) connections?

[Rudi De Vos]

I broke all downloads...added wrong rule rule
Corrected, posisble still cached on browsers

Using the zip and exe is a lot faster to test, you can see on the fly your helpdesk.txt changes.

[lwc]

Using the zip and exe is a lot faster to test, you can see on the fly your helpdesk.txt changes.

Very true, but it also means no digital signature...

Anyway, I confirm the extra window is skipped now, thanks! (also confirming you've added [DIS_UAC] though I won't know it works until I test it with someone).

Can you tell me why "Accept without authentication" isn't needed for direct (i.e. non-repeater) connections?

Also, the popup Gibberish is still Gibberish, not Unicode.

[Rudi De Vos]

Someone can put a fake server on the net without a password and try to inject code using the viewer.

Last year we got some notifications about fake server.
A fake server actual try to overflow the viewers by sending huge screen sizes and off screen updates
Viewer was verified and many possible secirity issue's ware solved....and also this warning was added.
A server without a password is possible not the server you want to connect to.

I tried the popup with éûù chars and it works.
Else share your helpdesk.txt file ( without HOST section) to verify

[lwc]

Sure, you can see it at https://pastebin.com/iq0KefeP

As for fake, direct connections can be fake as well (especially if you use a DNS server).

[VNCHELP890]

MSOiD
QueryAccept=2
QueryIfNoLogon=0

found and fixed in 1.4.0.10

There is a 1.4.0.10?
Not seeing it in any of the usual places.

OK to stick with 1.4.0.9 for a while? Still converting people over from older versions to 1.4.0.9, such as:
1.4.0.8
1.4.0.7
1.4.0.6
1.3.8.2
1.3.8.1
1.3.4.2
1.3.2
1.2.2.4
1.2.1.2
Any urgency to any of these, due to security concerns/vulnerabilities?

Thank you.

[Rudi De Vos]

1.4.0.10 TEST

-security fix
-QueryIfNoLogon fix
-mslogon v1 fixes


https://uvnc.eu/download/1400/UltraVnc_14010.zip

Security fixes are for the viewer. If you connect to a fake server then they can overrun some memory buffers
(if the server is 800x600 and you update a pixel at 801,600 or server send a screen size of 1280000 x 8000000)

If possible verify of this server fix it allow/reject

[lwc]

Sure, you can see it at https://pastebin.com/iq0KefeP

As for fake, direct connections can be fake as well (especially if you use a DNS server).

Hi, just wondered if there's any update?

[lwc]

Continued in next release.