Serious security flaw in repeater in Mode 2

Post by swinster

Hi,

I have been looking at implementing UltraVNC to remotely manage many computers behind different firewalls. To do this I need to use the Repeater in Mode 2, and the UltraVNC server performs an automatic reverse connection to the repeater. The viewer can then connect to an open ID connection.

The major problem is that in this mode, the server does NOT ask for a password - OH dear!!!!!

It also seems that the Access Control Lists built into the repeater do NOT work when the repeater is in Mode 2!!!!

It would seem that as these are already partially in place, they could be utilised to at least limit the viewer IPs that could connect.

Is there any way around these issues - anyone?
Chris

Re: Serious security flaw in repeater in Mode 2

Post by swinster

As a get around, I have utilised the COMODO firewall (not Open Source, but completely free and highly configurable). You can get individual filters for each application so you can limit protocol, direction and both source and destination addresses and ports. It is possible with that to limit access to the repeater from specific IP addresses and block all others.

Of course, this is only a first defence in security and some kind of authentication should be implemented.
Chris
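
The firewall workaround from the post above, written for the built-in Windows firewall instead of COMODO (an added example, not part of the original thread or of UltraVNC). The viewer port 5901, the viewer addresses and the rule name are assumptions; set them to match the repeater's actual configuration.

```powershell
#Requires -RunAsAdministrator
# Added example: restrict which viewer IPs may reach the repeater's viewer port.
# Assumptions (not from the thread): viewer port 5901, constructed viewer
# addresses from the 203.0.113.0/24 documentation range, hypothetical rule name.
$ViewerPort     = 5901
$AllowedViewers = @('203.0.113.10', '203.0.113.24/29')
$RuleName       = 'UVNC repeater viewers (allowlist)'

# 1. The allowlist only has an effect if unmatched inbound traffic is blocked.
Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' } |
    ForEach-Object {
        Write-Warning "Profile '$($_.Name)' is disabled or allows inbound traffic by default"
    }

# 2. Recreate the scoped allow rule so the script can be re-run safely.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
    -LocalPort $ViewerPort -RemoteAddress $AllowedViewers -Action Allow | Out-Null

# 3. Any other enabled allow rule that covers the port from any address
#    (for example a per-program rule created by the first-run prompt)
#    bypasses the allowlist, so list those for review.
#    Port ranges such as '5900-5910' are not expanded by this check.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { $_.DisplayName -ne $RuleName } |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        $app  = $_ | Get-NetFirewallApplicationFilter
        $coversPort = ($port.Protocol -in @('TCP', 'Any')) -and
                      (($port.LocalPort -contains 'Any') -or
                       ($port.LocalPort -contains "$ViewerPort"))
        if ($coversPort -and ($addr.RemoteAddress -contains 'Any')) {
            [pscustomobject]@{ Rule = $_.DisplayName; Program = $app.Program }
        }
    } | Format-Table -AutoSize
```

Rules listed by step 3 that belong to the repeater need to be disabled or scoped to the same addresses, otherwise the allowlist rule changes nothing.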