Hi,
I'm new to remote connectivity, and I'd like to dive right into it, but I'm wondering if there are any security issues with it. Specifically, when I enter my connection password (to connect to the server), is it encrypted before it's sent to the server?
I also noticed that plugins are available to encrypt all data passed between the server and client, but what are the consequences of not using the plugin? Is there a security risk in not doing this?
It's a pretty general question, I know, but any input is greatly appreciated. Much thanks!
-PJ
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to the latest version before creating a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
New to this...are there any security issues?
I'm not hugely experienced with this, but I'd say that using UltraVNC with the standard configuration is somewhat secure. The password is never transferred in plain-text over the connection. It's encrypted with a key passed from the server. If the key and the encrypted password are both sniffed, a brute force cracking program could probably discover it (though for passwords longer than 8 chars, it would take a long while). Also the screen-image data being sent is not encrypted, so it could possibly be intercepted.
If you use the free plugin provided you can encrypt everything much more securely. You just need to generate a key - and have that present on both the server and client machines. I'm not sure if this method can be brute-forced at all. Someone would need a copy of the key also.
< Simon >