On 2012-01-24 13:34, Ben Bucksch wrote:
> Affected Products: GNOME Vinagre and many other VNC viewers
>
> Reproduction:
> 1. On your trusted desktop (e.g. Linux), open a text editor
> 2. Type "My password", select the text, and hit Ctrl-C
> 3. Open a Vinagre VNC connection to a remote host, e.g. running an
>    untrusted Windows
> 4. On the remote Windows host, open notepad.exe
> 5. In notepad's menu bar, using the mouse, click on Edit|Paste
>
> Actual result:
> notepad.exe shows "My password"
> Expected result:
> Nothing.
>
> Impact:
> Because I use a different password for every service, I have to
> copy&paste them (on my trusted desktop).
>
> However, the remote machine is not trusted. In some cases, it's owned
> by a different company, in other cases I use VNC and a different
> machine specifically because I don't trust the software and want it
> jailed. If the untrusted host can get to my passwords from my trusted
> desktop, that's a critical security hole, because my passwords leak,
> and they may well give full access to other machines, my bank account
> or other highly sensitive data.
>
> Affected users:
> Using VNC is a common usage pattern also used by government agencies
> handling highly sensitive documents (on the trusted host desktop
> system) while moving dangerous but necessary uses like Internet
> access, Windows system and similar needs on physically different
> machines that are accessed via VNC.
> The purpose is that the untrusted system has no way to get to the
> information on the trusted desktop, but that assumption is violated
> here.
>
> Even normal users will be at risk. Many copy&paste passwords, or they
> copy&paste snippets of sensitive Word processing documents, e.g.
> business plans.
>
> Solution:
> Given that most users are unaware of this risk, although the danger
> may nevertheless be very real for them, it is necessary for the
> default configuration to be secure. They cannot be expected to
> actively change preferences or the software to protect themselves,
> because the problem isn't obvious in the first place.
>
> Possible solutions:
> 1) a pref, with default off and a clear warning about this problem,
>    because many users will not be aware of it. A pref with default on
>    or without a clear warning is *not* sufficient.
> 2) Better yet: A button on the toolbar "Copy clipboard". Text is
>    copied from host desktop clipboard to remote machine clipboard
>    only when that button is pressed.
> 3) A combination of 1) and 2)
>

Many viewers, including RealVNC, have the option to disable the shared
clipboard. Check your preferences.

-- 
Message sent via my webmail account.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
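
The opt-in behaviour proposed in the quoted report (solutions 1 and 2), sketched as an added example that is not part of the original thread and not code from Vinagre, RealVNC or any other viewer. The names `ClipboardGate`, `auto_share` and `on_copy_button` are hypothetical; the wire format is the RFB `ClientCutText` message from RFC 6143, which is how a viewer hands clipboard text to the server.

```python
import struct

CLIENT_CUT_TEXT = 6  # RFB client-to-server message type (RFC 6143)


def client_cut_text(text: str) -> bytes:
    """Encode ClientCutText: U8 type, 3 padding bytes, U32 length, Latin-1 text."""
    data = text.encode("latin-1", errors="replace")
    return struct.pack(">B3xI", CLIENT_CUT_TEXT, len(data)) + data


class ClipboardGate:
    """Hypothetical viewer-side policy sitting between the local desktop
    clipboard and the VNC connection.

    auto_share=False (the secure default from solution 1): local clipboard
    changes are remembered but nothing is sent to the remote host.
    auto_share=True: the behaviour described in the report, where every
    local copy is forwarded as soon as it happens.
    """

    def __init__(self, send, auto_share=False):
        self._send = send          # callable that writes bytes to the RFB socket
        self.auto_share = auto_share
        self._local = None         # last text copied on the trusted desktop

    def on_local_clipboard_changed(self, text: str) -> None:
        self._local = text
        if self.auto_share:
            self._send(client_cut_text(text))

    def on_copy_button(self) -> bool:
        """Solution 2: the toolbar button is the only path that transmits."""
        if self._local is None:
            return False
        self._send(client_cut_text(self._local))
        return True


def demo():
    """Run the report's reproduction steps against both policies."""
    secure_wire, legacy_wire = [], []
    secure = ClipboardGate(secure_wire.append)                  # default off
    legacy = ClipboardGate(legacy_wire.append, auto_share=True)
    for gate in (secure, legacy):
        gate.on_local_clipboard_changed("My password")          # constructed sample
    before_button = list(secure_wire)
    secure.on_copy_button()
    return before_button, secure_wire, legacy_wire


if __name__ == "__main__":
    print(demo())
```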