Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://twitter.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

Password Encrypted or Just Session?

Should you have problems with the DSM plugin, here's the place to look for help or report issues
Post Reply
EncryptAsker

Password Encrypted or Just Session?

Post by EncryptAsker »

When initiating an ecrypted VNC session is the Password encrypted when sent over the network or only the session data after the password is confirmed.

If not is there a way to not send VNC Session passwords across networks in plain text?

Thanks
User avatar
Rudi De Vos
Admin & Developer
Admin & Developer
Posts: 6832
Joined: 2004-04-23 10:21
Contact:

Post by Rudi De Vos »

Encryption is activated before you send the password.

Even without encryption plugin, passwords still use des encryption.
EncryptAsker

Encrypted Passwords

Post by EncryptAsker »

Wow thanks!

Someone told me that RealVNC sent the session passwords in plain text. I wasn't sure if that was true for Ultra or not.

Maybe I was misinformed all the way around.

This is really good though because I was running into policy issues prohibiting the use of any app that sends administrative type passwords across the network unencypted.

Thanks!
User avatar
Rudi De Vos
Admin & Developer
Admin & Developer
Posts: 6832
Joined: 2004-04-23 10:21
Contact:

Post by Rudi De Vos »

Even realvnc use des encryption for the password.

The server send a random string to the viewer.
The viewer use this string to encrypt the password
The encrypted password is send to server
The server use the random string he has send to the viewer to decrypt the password.

The only problem is that des encryption is not strong, it's ok for
intranet use, but for internet connections you should use the encryption plugin or ssh....depending on the security level you need for your PC.
Post Reply