Have you guys found any security issues using single click?
One security hole I see that can be a problem as this becomes more mainstream is the lack of authentication for connecting to a remote PC.
The only security used is a public key which is the same exact key that is used by the tech admin. This can be a problem in that if the remote PC was somehow redirected to a different remote controller, there is no authentication type system to prevent the remote PC from being hacked/hijacked by another person.
Is there a solution for this? Shouldn't be too difficult to secure, right?
Are there any other security issues that anyone else is aware of?
Thanks!
TKD
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Security Issues w/SC
Re: Security Issues w/SC
TKD wrote:
Have you guys found any security issues using single click?
One security hole I see that can be a problem as this becomes more mainstream is the lack of authentication for connecting to a remote PC.
The only security used is a public key which is the same exact key that is used by the tech admin. This can be a problem in that if the remote PC was somehow redirected to a different remote controller, there is no authentication type system to prevent the remote PC from being hacked/hijacked by another person.
Is there a solution for this? Shouldn't be too difficult to secure, right?
Are there any other security issues that anyone else is aware of?
Thanks!
TKD

Security as in -
Securing the data being transmitted?
Securing the authentication requests?
Securing the client computer?
Securing the Tech computer?
Data transmission - Make up your own key. Change it as you feel necessary or create one key per client if you don't have a lot of clients.
Authentication requests - It allows the tech to control this since it's initiated on the client side. You can allow or disallow connection with newest viewer in listen mode and new compiler.
Client computer - It's initiated from them so it should be pretty secure, network sniffers may be able to pick up some info but I am not aware of how to hijack a session to view what is going on?? Has anyone?
Tech computer - If you can't secure it then you may not want to be putting yourself out there with a potentially well known port open.
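
The concern raised in this thread (a client that is redirected has no way to tell who answered) and the "one key per client" suggestion can be combined into a check on the client side. The sketch below is an added example, not UltraVNC SC code or its wire protocol: the names `Client`, `controller_response` and `new_client_key` are hypothetical, and it assumes each client build carries its own random key that the tech also stores.

```python
import hashlib
import hmac
import secrets

def new_client_key() -> bytes:
    """Independent 256-bit key for one client build (hypothetical helper)."""
    return secrets.token_bytes(32)

def controller_response(key: bytes, challenge: bytes, client_id: str) -> bytes:
    """Controller proves it holds this client's key by MACing the fresh challenge."""
    return hmac.new(key, client_id.encode() + b"|" + challenge, hashlib.sha256).digest()

class Client:
    """Remote PC side: it dials out, then authenticates whoever answered."""
    def __init__(self, client_id: str, key: bytes):
        self.client_id = client_id
        self.key = key
        self.challenge = None

    def make_challenge(self) -> bytes:
        # Fresh random value per connection, so a recorded answer cannot be reused.
        self.challenge = secrets.token_bytes(16)
        return self.challenge

    def accept(self, response: bytes) -> bool:
        if self.challenge is None:
            return False
        expected = controller_response(self.key, self.challenge, self.client_id)
        self.challenge = None  # one-time use
        return hmac.compare_digest(expected, response)

def demo() -> dict:
    # Constructed sample data: the tech's key store, one key per client.
    keys = {"client-a": new_client_key(), "client-b": new_client_key()}
    client = Client("client-a", keys["client-a"])
    results = {}
    c = client.make_challenge()
    results["legit"] = client.accept(controller_response(keys["client-a"], c, "client-a"))
    # A controller that only holds another client's key is rejected.
    c = client.make_challenge()
    results["other_clients_key"] = client.accept(controller_response(keys["client-b"], c, "client-a"))
    # A correct answer to an old challenge is rejected on the next connection.
    c = client.make_challenge()
    old = controller_response(keys["client-a"], c, "client-a")
    client.make_challenge()
    results["replay"] = client.accept(old)
    return results

if __name__ == "__main__":
    print(demo())
```

A symmetric key shipped inside a client executable can still be extracted from that executable, so per-client keys limit the exposure to that one client rather than removing it.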