Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Security Implications of using VNC Viewer /WinVNC

Subject: Re: [FW1] Security Implications of using VNC Viewer /WinVNC
From: Bill Husler <[email protected]>
Date: Mon, 25 Sep 2000 15:37:59 -0700
Cc: Checkpoint Mailinglist <[email protected]>
References: <C5838F7EE7A3D111802B0060B06B1E2903B0EF29@dy4exsrv1>
Reply-to: [email protected]
Sender: [email protected]

I guess what I am hearing you say is that there is no way to Read information from
the registry remotely and that one would have to be physically at the console in
order to have this access (in which case, you would hardly need VNC anyway).
Bill

Ken McKinlay wrote:

> A brute force attack can be made on the password if you can gain access to
> the password in the registry. Of course, if you have access to the registry,
> many other things as possible too :)
>
> >From an archived message on the VNC mailing mail
> (http://www.uk.research.att.com/search.html):
>
> <snip>
> The registry entry is only encrypted to prevent it from being readable if
> you happen to have it up on your screen in regedit for some reason, not to
> provide security (that should be done using registry security under WinNT).
> If you have access to the Windows machine then obviously you can change the
> password, or decrypt it
> <snip>
>
> Ken McKinlay
>)
> Extension 506
> [email protected]
>
> -----Original Message-----
> From: Bill Husler [mailto:[email protected]]
> Sent: Monday, September 25, 2000 14:04
> Cc: Checkpoint Mailinglist
> Subject: Re: [FW1] Security Implications of using VNC Viewer /WinVNC
>
> I have heard that the windows version of VNC stores the password in an
> unprotected
> (by default) area of the registry using a simple hash and may be
> exploitable. Does
> anyone care to speak to this?
> Bill
>
> [email protected] wrote:
>
> > On Wed, 13 Sep 2000, Aaron Turner wrote:
> >
> > > Not sure where I read/found this, but I remember hearing that people
> > > were tunnelling VNC over SSH.
> >
> > it is on the vnc website.
> >
> > http://www.uk.research.att.com/vnc/sshvnc.html
> >
> > - brett
> >
> >
> ============================================================================
> ====
> >      To unsubscribe from this mailing list, please see the instructions at
> >               http://www.checkpoint.com/services/mailing.html
> >
> ============================================================================
> ====
>
> ============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
> ============================================================================
> ====
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
> ================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- RE: [FW1] Security Implications of using VNC Viewer /WinVNC
  - From: Ken McKinlay <[email protected]>

Prev by Date: RE: [FW1] VPN going Up & Down
Next by Date: RE: [FW1] How big is the BSD operating system code on a Nokia box?
Previous by thread: RE: [FW1] Security Implications of using VNC Viewer /WinVNC
Next by thread: RE: [FW1] Security Implications of using VNC Viewer /WinVNC
Index(es):
- Date
- Thread