Hi, I have searched but I can't seem to get in-depth technical info about these risks.
Here are my questions:
I have UltraVNC 1.0.1 set up with
1) the new MS login feature
2) The DSM plugin 1.1.8.0
Does this DSM plugin help to avoid the security risks presented in 1.0.1?
Also, is there a way to set up UltraVNC 1.0.1 so it avoids the security risks, or are all configurations susceptible?
Finally, where can I get in-depth info on how these exploits work?
Thanks.
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to the latest version before creating a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Regarding UltraVNC security risks
Re: Regarding UltraVNC security risks
Also, just to add:
3) The log debug info setting on the server is not enabled.
4) The program is used within our company or via vpn
Re: Regarding UltraVNC security risks
Using DSMPlugin MSRC4 1.1.8 (that actually uses the MS Crypto engine that is in Windows) the 1.0.1 MS Logon weak challenge vulnerability is not a problem as even the authentication handshaking process is encrypted.
Same thing if you connect through a VPN tunnel; in this case you don't even need to use an encryption plugin as the VPN is presumably already encrypted...
The other vulnerability in 1.0.1 is the logging functions buffer overflow (viewer and server):
- If the log debug info setting on the server is not enabled, the server is not vulnerable to this.
- Furthermore if you use a VPN tunnel, your UltraVNC server is not reachable from outside...
- If you don't use the viewer in reverse connection mode (listening viewer), your viewer is not vulnerable to the buffer overflow as soon as you connect with it only to trusted servers (those of your company for instance) and even if you connect using no plugin or VPN.
Note that running vncviewer 1.0.1 in listening mode even with an encryption plugin should not prevent it from being vulnerable to the buffer overflow...
Overall, the best thing to do is to upgrade to v1.0.2...
UltraSam
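A generic illustration of the bug class named in the answer above, added here and not taken from UltraVNC's source or from the poster: a logging routine that formats a peer-controlled string into a fixed buffer, shown next to a bounded version. The buffer size, function names, format string and the `debug_enabled` flag (standing in for the "log debug info" checkbox) are all assumptions; the sketch shows why a disabled logging path is never reached and how a length bound contains the write.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF 64              /* constructed size, not UltraVNC's */
int debug_enabled = 0;          /* models the "log debug info" checkbox */
char log_line[LOG_BUF];         /* stands in for the line written to the log */

/* Unsafe pattern: output length is decided by the arguments, not the buffer. */
int log_unsafe(const char *fmt, ...) {
    va_list ap; int n;
    if (!debug_enabled) return 0;        /* logging off: formatting never runs */
    va_start(ap, fmt);
    n = vsprintf(log_line, fmt, ap);     /* overruns log_line once n >= LOG_BUF */
    va_end(ap);
    return n;
}

/* Bounded form: returns bytes stored and flags input that had to be cut. */
int log_bounded(int *truncated, const char *fmt, ...) {
    va_list ap; int n;
    *truncated = 0;
    if (!debug_enabled) return 0;
    va_start(ap, fmt);
    n = vsnprintf(log_line, sizeof log_line, fmt, ap);
    va_end(ap);
    if (n < 0) { log_line[0] = '\0'; return -1; }
    if ((size_t)n >= sizeof log_line) { *truncated = 1; n = (int)sizeof log_line - 1; }
    return n;
}

/* Constructed demo: a 200-byte peer-controlled string reaches the logger. */
int demo(int enabled, int *truncated) {
    char peer[201];
    memset(peer, 'A', 200);
    peer[200] = '\0';
    debug_enabled = enabled;
    log_line[0] = '\0';
    return log_bounded(truncated, "peer said: %s", peer);
}

int main(void) {
    int t, n = demo(0, &t);
    printf("debug off: stored=%d truncated=%d\n", n, t);
    n = demo(1, &t);
    printf("debug on:  stored=%d truncated=%d\n", n, t);
    return 0;
}
```

`log_unsafe` is never called here; it is included only to show the pattern that `log_bounded` replaces.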
Re: Regarding UltraVNC security risks
Thanks for the fast and precise reply.
Re: Regarding UltraVNC security risks
Hi, I have another question:
I see the setting on the server app that says, log debug info in WinVNC.log.
This check box is not checked.
I see though, in the ultravnc folder a file called mslogin.log.
Is this file produced by default and is the buffer issue related to this?
thanks.
Re: Regarding UltraVNC security risks
> I see though, in the ultravnc folder a file called mslogin.log.
> Is this file produced by default and is the buffer issue related to this?
Yes, mslogon file is produced by default from UltraVNC for any type of authentication: classic VNC authentication and MS Logon I and II authentication
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer