RE: [FW1] Security Implications of using VNC Viewer /WinVNC

Mon, 25 Sep 2000 14:58:15 -0700 


A brute force attack can be made on the password if you can gain access to
the password in the registry. Of course, if you have access to the registry,
many other things as possible too :)


>From an archived message on the VNC mailing mail
(http://www.uk.research.att.com/search.html):

<snip>
The registry entry is only encrypted to prevent it from being readable if
you happen to have it up on your screen in regedit for some reason, not to
provide security (that should be done using registry security under WinNT).
If you have access to the Windows machine then obviously you can change the
password, or decrypt it
<snip>


Ken McKinlay
(613-599-9199)
Extension 506 
[EMAIL PROTECTED]



-----Original Message-----
From: Bill Husler [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 25, 2000 14:04
Cc: Checkpoint Mailinglist
Subject: Re: [FW1] Security Implications of using VNC Viewer /WinVNC



I have heard that the windows version of VNC stores the password in an
unprotected
(by default) area of the registry using a simple hash and may be
exploitable. Does
anyone care to speak to this?
Bill

[EMAIL PROTECTED] wrote:

> On Wed, 13 Sep 2000, Aaron Turner wrote:
>
> > Not sure where I read/found this, but I remember hearing that people
> > were tunnelling VNC over SSH.
>
> it is on the vnc website.
>
> http://www.uk.research.att.com/vnc/sshvnc.html
>
> - brett
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to