Security Fix Question

jgray
Posts: 1
Joined: 2012-10-18 15:29

Security Fix Question

Post by jgray »

I see in the change information for version 1.1.0.0 it says this:

-security fix ( encryption plugin + vnc passwd : password can be broken)

I was curious as to the nature of this as it relates to running the current non-beta version (1.0.9.6.2). Is this an issue specifically related to using an encryption plugin... meaning that if a plugin is used then the password can be broken? In that case would it be better to run it without the encryption plugin?
stack
Posts: 3
Joined: 2012-10-10 04:16

Re: Security Fix Question

Post by stack »

I was also having a hard time finding specifics about this fix. The closest I came to an explanation was from the history screen of the 1.1.0.0 installer:
"-new vncpasswd + encryption.
Instead of using the password as part of the encryption, we now check the password inside the encryption by the server. This allows the server to blacklist servers after x fault password.

WARNING: If using encryption plugin + vncpassword you better upgrade. No protection against Brute force password hacking."
I guess that still doesn't answer your question. So I too would appreciate it if someone could shed light on this.
And also clarify if encryption plugin + new ms login combo in 1.0.9.6.2 is vulnerable to the same attack.

Thank you