The SecurityFocus vulnerabilities
list has two entries, at
http://www.securityfocus.com/archive/1/432861
and
http://www.securityfocus.com/bid/17824/info
that point to a weakness in how MS Logon (I and II)
authentication challenge response is crafted.
While the first article mentions that one workaround
is to use the DSM/MSRC4 plugin, are there other
plans to address this? I've been looking at
UVNC (especially SC and SCIII) as options for
helpdesk support, but need the solution to be
secure end-to-end.
Thanks in advance!
Celebrating the 22th anniversary of the UltraVNC: https://forum.uvnc.com/viewtopic.php?t=38031
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
MS LOGON I/II password vuln / Using Encryption
An alternative solution is in the works.
However, this will not be compatible with the current MS-Logon implementation.
I.e. you will need both vncviewer and winvnc replaced with the new version.
The viewer will still be able to connect to an old server, but with the weak protocol.
If you need a secure solution, you should definitely consider using either the encryption plugin or tunneling via SSH.