It's too easy to "decrypt" the VNC password that's in the registry with the VNC password cracking tools that are easy to find. Can the VNC password that's stored on the local system be made to use 1-way encryption and not 2-way?
For example, use MD5 to store the password. If the incoming password is MD5'd and matches the stored MD5 password, then let the user log in.
This is a really bad security problem... especially for people who support lots of computers that use VNC as their only remote-control tool. Otherwise, I think UltraVNC is still the best of the VNC family. Kudos to the developers.
Scott
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
VNC password in the registry is easily crackable--not secure
-
scottcopus
- Posts: 3
- Joined: 2004-11-17 15:28
-
mattice06082
- Former moderator
- Posts: 607
- Joined: 2006-11-30 00:41
- Location: Connecticut, USA
Re: VNC password in the registry is easily crackable--not se
Have you looked at the encryption plugins?