Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Security Implications of using VNC Viewer /WinVNC

To: Checkpoint Mailinglist <[email protected]>
Subject: RE: [FW1] Security Implications of using VNC Viewer /WinVNC
From: Ken McKinlay <[email protected]>
Date: Mon, 25 Sep 2000 17:53:42 -0400
Sender: [email protected]

A brute force attack can be made on the password if you can gain access to
the password in the registry. Of course, if you have access to the registry,
many other things as possible too :)

>From an archived message on the VNC mailing mail
(http://www.uk.research.att.com/search.html):

<snip>
The registry entry is only encrypted to prevent it from being readable if
you happen to have it up on your screen in regedit for some reason, not to
provide security (that should be done using registry security under WinNT).
If you have access to the Windows machine then obviously you can change the
password, or decrypt it
<snip>

Ken McKinlay)
Extension 506 
[email protected]

-----Original Message-----
From: Bill Husler [mailto:[email protected]]
Sent: Monday, September 25, 2000 14:04
Cc: Checkpoint Mailinglist
Subject: Re: [FW1] Security Implications of using VNC Viewer /WinVNC

I have heard that the windows version of VNC stores the password in an
unprotected
(by default) area of the registry using a simple hash and may be
exploitable. Does
anyone care to speak to this?
Bill

[email protected] wrote:

> On Wed, 13 Sep 2000, Aaron Turner wrote:
>
> > Not sure where I read/found this, but I remember hearing that people
> > were tunnelling VNC over SSH.
>
> it is on the vnc website.
>
> http://www.uk.research.att.com/vnc/sshvnc.html
>
> - brett
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====

============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- Re: [FW1] Security Implications of using VNC Viewer /WinVNC
  - From: Bill Husler <[email protected]>

Prev by Date: [FW1] Problem sendmail from the firewall itself
Next by Date: RE: [FW1] How big is the BSD operating system code on a Nokia box?
Previous by thread: RE: [FW1] Security Implications of using VNC Viewer /WinVNC
Next by thread: Re: [FW1] Security Implications of using VNC Viewer /WinVNC
Index(es):
- Date
- Thread