Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

Security Issues w/SC

Single Click discussions / bugs
Post Reply
TKD
20
20
Posts: 32
Joined: 2005-04-15 12:44
Location: U.S.

Security Issues w/SC

Post by TKD »

Have you guys found any security issues using single click?

One security hole I see that can be a problem as this becomes more mainstream is the lack of authentication for connecting to a remote PC.

The only security used is a public key which is the same exact key that is used by the tech admin. This can be a problem in that if the remote PC was somehow redirected to a different remote controller, there is no authentication type system to prevent the remote pc from being hacked/hijacked by another person.

Is there a solution for this? shouldn't be too difficult to secure, right?

Are there any other security issues that anyone else is aware of?

Thanks!
TKD
ipsec
Former moderator
Former moderator
Posts: 565
Joined: 2004-09-20 18:56
Contact:

Re: Security Issues w/SC

Post by ipsec »

TKD wrote:Have you guys found any security issues using single click?

One security hole I see that can be a problem as this becomes more mainstream is the lack of authentication for connecting to a remote PC.

The only security used is a public key which is the same exact key that is used by the tech admin. This can be a problem in that if the remote PC was somehow redirected to a different remote controller, there is no authentication type system to prevent the remote pc from being hacked/hijacked by another person.

Is there a solution for this? shouldn't be too difficult to secure, right?

Are there any other security issues that anyone else is aware of?

Thanks!
TKD
Security as in -
Securing the data being transmitted?
Securing the authentication requests?
Securing the client computer?
Securing the Tech computer?

Data transmission - Make up your own key. Change it as you feel necessary or create one key per client if you dont have a lot of clients.
Authentication requests - It allows the tech to control this since its initiated on the client side. You can allow or disallow connection with newest viewer in listen mode and new compiler.
Client computer Its initiated from them so it should be pretty secure, network sniffers may be able to pick up some info but I am not aware of how to hijack a session to view what is going on?? Has anyone?
Tech computer - If you cant secure it then you may not want to be putting yourself out there with a potentially well known port open.
Post Reply