UltraVNC server password

Mr Wolf · Post by **Mr Wolf** » 2010-01-08 23:14

Hi to all!

Am I wrong... or the UltraVNC server password is stored in clear in the registry???

redge · Post by **redge** » 2010-01-08 23:39

no
encrypted DES 56bit key

http://www.vidarholen.net/contents/junk/vnc.html

there a lot of software for read decryptÂ¦write encrypt vnc password

Mr Wolf · Post by **Mr Wolf** » 2010-01-09 00:10

Ok... to be clear, I tried this utility:
http://www.nirsoft.net/utils/vnc_password.html
and I could read in clear my password...! AZZZ!!!

redge · Post by **redge** » 2010-01-09 00:51

yes, it simply decrypt the DES 56bit of the vnc password located in the ultravnc.ini or registry
any user have access to ultravnc.ini can read and quickly find the password and decrypt it.

is main reason for switch to RFB 3.8 where the password is encrypted more strong and still open source.

Mr Wolf · Post by **Mr Wolf** » 2010-01-09 00:55

Thanks for your answer!

But... how could it be so fast to decrypt password???

Btw... sorry for my ignorance, what is it RBF?

redge · Post by **redge** » 2010-01-09 01:18

vnc password is low level encryption, is why so fast decrypted in seconds.

RFB = Remote Frame Buffer, the protocol of VNC
wiki is your friend

Mr Wolf · Post by **Mr Wolf** » 2010-01-09 15:30

Ok!
But RFB is not supported by UltraVNC, right?

redge · Post by **redge** » 2010-01-09 23:57

wrong

ultravnc use rfb protocol, otherwise, can't use the name VNC in the ultravnc name.

SingleClick use some function are not compatible RFB !

Mr Wolf · Post by **Mr Wolf** » 2010-01-10 00:05

Ok... stupid question: how do I "activate" RFB with UltraVNC???

redge · Post by **redge** » 2010-01-10 00:14

you can't activate ! is always activ, ultravnc use RFB protocol 3.3

some function of SC are not compatible with the RFB protocol standard.

Mr Wolf · Post by **Mr Wolf** » 2010-01-10 00:21

Ok... now it's clear... sorry, I just USE UltraVNC, never interested about protocols!

So... UltraVNC uses RBF 3.3 (which uses a weak password encryption) and should pass to RBF 3.8?

redge · Post by **redge** » 2010-01-10 00:42

> RFB 3.8 is still backward compatible with RFB 3.3 password

yes
RFB use more strong password en

feature request for ultravnc use RFB 3.8 and backward compatible 3.3 for supporting older VNC including ultravnc.

wikipedia wrote:By default, VNC is not a secure protocol. While passwords are not sent in plain-text (as in telnet), brute-force cracking could prove successful if both the encryption key and encoded password are sniffed from a network. For this reason it is recommended that a password of at least 8 characters be used. On the other hand, there is also an 8-character limit on some versions of VNC; if a password is sent exceeding 8 characters, the excess characters are removed and the truncated string is compared to the password.

UltraVNC

UltraVNC server password

UltraVNC server password

Re: UltraVNC server password

Re: UltraVNC server password

Re: UltraVNC server password

Re: UltraVNC server password

Re: UltraVNC server password

Re: UltraVNC server password

Re: UltraVNC server password

Re: UltraVNC server password

Re: UltraVNC server password

Re: UltraVNC server password

Re: UltraVNC server password