Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
UltraVNC 1.2.0.3 (Security update) - Download links
- Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
UltraVNC 1.2.0.3 (Security update) - Download links
impact: all pre 1.2.0.3 versions
exploit: localuser (guest) can gain local admin access on win8
- https://uvnc.eu/download/1203/UltraVNC_ ... _Setup.exe
- https://uvnc.eu/download/1203/UltraVNC_ ... _Setup.exe
- https://uvnc.eu/download/1203/Uvnc_1203_bin.zip
Re: 1.2.0.3 ( Security update)
Good afternoon.
Found an error.
System: Windows XP 32-bit, winvnc.exe (v1_2_03)
"SecureVNCPlugin.dsm" when you press the button "Config."
then change the password - it is not possible to change the password;
setting up a new password does not save.
In version winvnc.exe (v1_2_02), saving the password works properly.
- Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Re: 1.2.0.3 ( Security update)
This part needed to be changed to fix the exploit.
The config is now started as desktop user...
*This doesn't work for domain admins; a service cannot impersonate the desktop user
1) log on as local admin
or
2) Use uvnc_settings.exe to make the changes.
Service and change settings via the tray should be removed in the future to force people
to use the separate app for it. Sorry
Re: 1.2.0.3 ( Security update)
password is not changed
Rudi De Vos wrote:
> 1) logon as local admin
> or
> 2) Use uvnc_settings.exe to make the changes.
tried the first and second option
- Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Re: 1.2.0.3 ( Security update)
Correct, seems I missed the return info from the plugin config... passphrase is not saved.
- Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Re: 1.2.0.3 ( Security update)
reuploaded files with fixed config savings
Re: 1.2.0.3 ( Security update)
Many thanks for updating the software and resolving the security bug. Is there a .MSI version of the installer or is that coming soon?
Thanks,
Si.
- Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Re: 1.2.0.3 ( Security update)
Not yet, we made 1.2.0.3 available as soon as possible.
MSI still needs to be created
Re: 1.2.0.3 ( Security update)
Hi
Rudi De Vos wrote:
> reuploaded files with fixed config savings
I checked the new version:
system Windows XP 32-bit, winvnc.exe (v1_2_03 new)
"SecureVNCPlugin.dsm" when you press the button "Config."
then change the password - the password is changed
but when I connect, at the password prompt I can enter only 8 characters
(if the password is longer, I can enter 8 characters and log in)
system Windows XP 32-bit, vncviewer.exe (v1_2_03 new)
I checked the new version of uvnc_settings.exe (v1_2_03 new)
"SecureVNCPlugin.dsm" when you press the button "Config."
the password is changed and everything works fine
(when I connect, at the password prompt I can enter more than 8 characters and everything works fine)
- Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Re: 1.2.0.3 ( Security update)
I tried to repeat it without luck
1) removed ultravnc.ini
2) started winvnc.exe (app)
3) In the properties window I set passwd, select use dsm plugin and press config
4) save passwd in config
ultravnc.ini is created with a single line that indicates the saved options
Code:
[admin]
DSMPluginConfig=SecureVNC;0;0x00104001;123456789==
5) press OK in properties dialog
Now all the other options in ultravnc.ini are set
When I connect the viewer (selecting plugin) I have >8 chars and the window indicates
Code:
passwd requested
AES-256....
All is in the ultravnc.ini, do you see a difference between the uvnc_settings saved version and the
version created with the tray icon.
Re: 1.2.0.3 ( Security update)
You need to start winvnc.exe as a service
Rudi De Vos wrote:
> 2) started winvnc.exe (app)
then in the tray select (admin properties) then SecureVNCPlugin.dsm (Config.)
AES(128.....
256 bit
RSA-2048
(use new key algorithm.....)
Passphrase: enter password 9 chars
Confirm: enter password 9 chars
save this
then when you connect the viewer (selecting plugin)
password prompt
you cannot enter >8 chars
- Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Re: 1.2.0.3 ( Security update)
Please press config again... is the value really saved... do you see the extra line
> You need to start winvnc.exe as a service
> then in the tray select (admin properties) then SecureVNCPlugin.dsm (Config.)
> ...
> Confirm: enter password 9 chars
> save this
Code:
DSMPluginConfig=SecureVNC;0;0x00104001;123456789==
If I'm correct, the problem is that running as service we use the credentials of the current desktop user.
1) We need to get the credentials... this fails for domain users
2) The desktop user needs to be admin or he cannot save ultravnc.ini
If the value is not saved in the ini, then winvnc asks for the default VNC passwd, which is 8 chars.
As we cannot bypass 1) and 2), we
need to add some extra check... that pops up when the desktop user cannot be impersonated,
and guide the users to use uvnc_settings.exe.
Re: 1.2.0.3 ( Security update)
after save (uvnc_settings.exe)
DSMPluginConfig=SecureVNC;0;0x00104001;MTIzNDU2Nzg5 (123456789)
after
then in the tray select (admin properties) then SecureVNCPlugin.dsm (Config.)
Confirm: enter password 9 chars (123456789)
save and open (ultravnc.ini)
DSMPlugin=SecureVNCPlugin.dsm (empty)
no password
why is this happening?
- Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Re: 1.2.0.3 ( Security update)
Desktop user permission
The DSM config runs as the impersonated desktop user; 2 possible reasons:
1° User cannot save
2° User cannot be impersonated (domain users cannot be impersonated by a local service)
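An added example, not part of the original thread or of UltraVNC's code: a small Python check an administrator could run over the text of ultravnc.ini to spot the state discussed above, where DSMPlugin is set but DSMPluginConfig was never saved, so winvnc falls back to the 8-character VNC password. The four-field layout and the base64-encoded last field are assumptions inferred from the sample lines quoted in this thread; the function name, status strings and sample files are hypothetical.

```python
import base64
import configparser

# Constructed samples modelled on the ini lines quoted in this thread.
SAVED_BY_SETTINGS = ("[admin]\nDSMPlugin=SecureVNCPlugin.dsm\n"
                     "DSMPluginConfig=SecureVNC;0;0x00104001;MTIzNDU2Nzg5\n")
SAVED_FROM_TRAY = "[admin]\nDSMPlugin=SecureVNCPlugin.dsm\n"
ILLUSTRATIVE = ("[admin]\nDSMPlugin=SecureVNCPlugin.dsm\n"
                "DSMPluginConfig=SecureVNC;0;0x00104001;123456789==\n")


def audit_dsm_config(ini_text):
    """Return (status, passphrase_length) for the text of one ultravnc.ini."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    found = {}
    for section in cp.sections():  # do not assume which section holds the keys
        for key in ("dsmplugin", "dsmpluginconfig"):  # configparser lower-cases keys
            if cp.has_option(section, key):
                found[key] = cp.get(section, key).strip()
    if not found.get("dsmplugin"):
        return ("plugin-not-selected", None)
    fields = found.get("dsmpluginconfig", "").split(";")
    # Assumption from the thread's samples: four fields, the last is the passphrase.
    if len(fields) < 4 or not fields[3]:
        # Per the thread: winvnc then asks for the default 8-char VNC password.
        return ("config-not-saved", None)
    try:
        length = len(base64.b64decode(fields[3], validate=True))
    except ValueError:  # binascii.Error is a subclass of ValueError
        return ("passphrase-not-decodable", None)
    return ("config-saved", length)  # report the length, never the value


if __name__ == "__main__":
    for name, text in [("uvnc_settings", SAVED_BY_SETTINGS),
                       ("tray as service", SAVED_FROM_TRAY),
                       ("illustrative", ILLUSTRATIVE)]:
        print(name, audit_dsm_config(text))
```

A "config-not-saved" result on a host where the plugin is selected means the passphrase should be set again with uvnc_settings.exe or while logged on as a local admin, as recommended earlier in the thread.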
Re: 1.2.0.3 ( Security update)
Vnc session hangs up when I type "\" char inside a textbox or in explorer's address bar in remote session.
- Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Re: 1.2.0.3 ( Security update)
Please verify if this is fixed in
viewtopic.php?t=31133