Can't say I agree that a VNC server implementation should simply refuse to run in such a mode. There are plenty of situations where you being able to get to my server implies that I've already suffered a massive security breach anyway. Under those conditions, I think the "balance" approach applies: let me use no authentication and maybe I'll use a half-decent password, or put up with a "real" protection mechanism, where it really matters. Like how I get in through my firewall, instead of how I mess around inside it.
Even if this binary is fixed so no-auth isn't possible, if you're letting your users configure this rather than giving it to them in a centrally controlled fashion, then perhaps you already have worse problems, like they can probably install their own software, etc... Anyway, I guess my point is that it's my humble opinion that you don't have the right to mandate the security vs. convenience balance for everyone else.

Just $0.02, obviously,

Cheers,
Simon

--- class <[EMAIL PROTECTED]> wrote:

> > Of course, if you think you know of any viable attacks on VNC
> > servers then feel free to get in touch.
>
> sure I have mailed you a nice list of ip:5900 shomydeskt0p :) funny
> no ? good lines ? ;)
>
> > The output that you've included just seems to show that (assuming
> > "passworded" means "was able to guess password") your VNC Servers
> > have been configured with poorly chosen passwords.
>
> passworded means it's passworded, nothing much, my scan doesn't include
> any password bruteforce, but it shows you how easy it is to scan for
> your app with "No authentications", who is crazy enough those days to
> add such options ? so easy hacking :)
>
> >> The output that you've included just seems to show that (assuming
> >> "passworded" means "was able to guess password") your VNC
> >> Servers have been configured with poorly chosen passwords.
>
> >>> -----Original Message-----
> >>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> >>> Sent: 19 June 2005 15:35
> >>> To: vnc-list@realvnc.com
> >>> Cc: Full-Disclosure
> >>> Subject: RealVNC/WinVNC Multiple vulnerabilities
> >>>
> >> Two simple vulnerabilities which may lead to an os guess + null
> >> session + several other infos while scanning port 5900, low risk
> >> on paper but high online risk:
> >>
> >> My 2cent suggestion to the realvnc team would be to totally
> >> remove this "No Authentication" option which wasn't present in the
> >> oldold winvnc, and to standardize what is answering all your
> >> servers to restrict the private information guessing.
> >>
> >> quick screenshot (of a simple dfind scanning test on a range that
> >> I thought really secured :>):
> >>
> >> ***.7.41:5900 realvnc4 ssl encryption
> >> ***.16.83:5900 realvnc4 passworded (free ed. win32)
> >> ***.16.91:5900 realvnc4 passworded (free ed. win32)
> >> ***.16.113:5900 realvnc4 passworded (free ed. win32)
> >> ***.16.163:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.16.180:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.16.202:5900 RealVNC4 NULL Session (free ed. x86/SPARC/HPUX)
> >> ***.16.237:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.22.217:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.29.91:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.29.92:5900 RealVNC4 NULL Session (perso/enterp ed. win32 encryption:OFF)
> >> ***.29.93:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.29.157:5900 realvnc4 passworded (perso/enterp ed. win32 encryption:OFF)
> >> ***.29.201:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.29.234:5900 realvnc4 passworded (free ed. win32)
> >> ***.35.45:5900 realvnc4 passworded (perso/enterp ed. win32 encryption:ON)
> >> ***.40.192:5900 RealVNC4 NULL Session (perso/enterp ed. win32 encryption:ON)
> >>
> >> If you are seeking more information and you are from
> >> @realvnc.com, email me, or else look at class101.org and
> >> hat-squad.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
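
Added example, not part of the original thread or of RealVNC's code: the "passworded" versus "NULL Session" distinction debated above is visible in the first bytes an RFB server sends, so an administrator can audit handshakes recorded from their own servers for an offered "None" security type. The message layouts follow the RFB specification (RFC 6143); the names `parse_server_handshake`, `classify` and `SAMPLES` are hypothetical, the sample bytes are constructed, and the parser assumes the client echoed the server's protocol version.

```python
import struct

# RFB security types (RFC 6143): 0 = Invalid, 1 = None, 2 = VNC Authentication.
SEC_INVALID, SEC_NONE, SEC_VNC_AUTH = 0, 1, 2


def parse_server_handshake(data: bytes) -> dict:
    """Parse the server's ProtocolVersion message and security offer."""
    if data[:4] != b"RFB " or data[7:8] != b"." or data[11:12] != b"\n":
        raise ValueError("not an RFB ProtocolVersion message")
    # Assumption: the client echoed this version, which selects the layout below.
    version = (int(data[4:7]), int(data[8:11]))
    body = data[12:]
    if version < (3, 7):
        # RFB 3.3: the server dictates a single type as a big-endian uint32.
        if len(body) < 4:
            raise ValueError("truncated security message")
        types, rest = [struct.unpack(">I", body[:4])[0]], body[4:]
    else:
        # RFB 3.7 and later: a count byte, then that many one-byte types.
        if not body or len(body) < 1 + body[0]:
            raise ValueError("truncated security message")
        count = body[0]
        types, rest = list(body[1:1 + count]) or [SEC_INVALID], body[1 + count:]
    reason = None
    if types == [SEC_INVALID] and len(rest) >= 4:
        # A refusal carries a uint32 length followed by a reason string.
        (n,) = struct.unpack(">I", rest[:4])
        reason = rest[4:4 + n].decode("latin-1")
    return {"version": version, "types": types, "reason": reason}


def classify(data: bytes) -> str:
    """Return 'no-auth', 'refused' or 'authenticated' for one server."""
    info = parse_server_handshake(data)
    if info["types"] == [SEC_INVALID]:
        return "refused"
    return "no-auth" if SEC_NONE in info["types"] else "authenticated"


# Constructed handshakes for illustration (not captured from real hosts).
SAMPLES = {
    "vnc-auth-only": b"RFB 003.008\n" + bytes([1, SEC_VNC_AUTH]),
    "none-offered": b"RFB 003.008\n" + bytes([2, SEC_VNC_AUTH, SEC_NONE]),
    "legacy-none": b"RFB 003.003\n" + struct.pack(">I", SEC_NONE),
    "refused": b"RFB 003.008\n\x00" + struct.pack(">I", 6) + b"locked",
}

for name, raw in SAMPLES.items():
    print(f"{name}: {classify(raw)}")
```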