Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://twitter.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

security for rc4.key files?

Should you have problems with the DSM plugin, here's the place to look for help or report issues
Post Reply
mathog

security for rc4.key files?

Post by mathog »

What are the appropriate security settings for the rc4.key
file?

If a machine is only to act as a server?
If it is to act as both a server and a client?
If any user (not just an Admin) is to be able to use the client?

Thanks,

David Mathog
scovel
100
100
Posts: 307
Joined: 2004-07-12 11:56
Location: CT, USA
Contact:

Good question...

Post by scovel »

Unfortunately I don't have a good answer. Never tested how file permissions effect Ultra. I'll put it on the TODO list. What OS/Version are you running? Don't tell me 95 or I'll slap you! :D

Sean
Mathog

Re: Good question...

Post by Mathog »

scovel wrote:Unfortunately I don't have a good answer. Never tested how file permissions effect Ultra. I'll put it on the TODO list. What OS/Version are you running? Don't tell me 95 or I'll slap you! :D

Sean
XP Pro SP2 on both ends.
UltraVNC RC19

I've noticed that a "regular user" cannot make an encrypted
connection the way things are set up now. It gives an
error message consistent with the Viewer not having
access to the local rc4.key file. The Administrator can
get through with no problem.

Regards,

David Mathog
scovel
100
100
Posts: 307
Joined: 2004-07-12 11:56
Location: CT, USA
Contact:

????

Post by scovel »

David,

What version of the plugin are you using? As of 112, any registry problems should have been taken care of. As of 115 not only can regular users use it, "Guest" can also use the plugin.

I'll need more details on the error message, and probably a log file from the plugin to tell you what's going on with regular users.

What are the permissions of the key file when you have problems?

Sean
Mathog

Re: ????

Post by Mathog »

scovel wrote:David,

What version of the plugin are you using? As of 112, any registry problems should have been taken care of. As of 115 not only can regular users use it, "Guest" can also use the plugin.

I'll need more details on the error message, and probably a log file from the plugin to tell you what's going on with regular users.

What are the permissions of the key file when you have problems?

Sean
The plugin is MSRC4Plugin_noreg.dsm, properties->version
says 1.1.4.0, security on the plugin is

Everyone=Full,Modify,R&E,R,Write.
Users=R&E,R
Administrator(s)=like Everyone

Hmm, that looks like a bad idea, I'm going to change Everyone to just R&E, E. Not sure how it ended up
with the current permissions.

The RC4.key file has security:
Administrator(s)=Full,Modify,R&E,R,Write
Users=R&E,R
Everyone=no access

These are inherited from C:\program files\
The account I tested was under "Users".

Don't know if this is relevant or not, but the .key extension
is also used by Sassafras KeyServer programs, which are
also present on the client side. Double clicking RC4.key brings
up Sassafras's KeyConfigure program. Presumably the
plugin just uses an open or fopen and so the extension mapping
shouldn't matter.

I'll put the error message in the next post - have to login to
another account to generate it.
Mathog

Re: ????

Post by Mathog »

scovel wrote:David,

I'll need more details on the error message, and probably a log file from the plugin to tell you what's going on with regular users.

Sean
The first error message that comes up is:

"The Plugin cannot be loaded. Please check its name integrity."

Click ok and the message comes up a second time.
Click ok and this message appears:

Connection failed - Invalid protocol!

Possible causes:

-You've forgotten to select a DSMPlugin and the servers uses a DSMPlugin

-Viewer and Server are not compatible (they use different RFB protocoles) <--- actual spelling error in message.

Click ok and that ends the attempt.

Windows explorer from this regular "User" (=local) account
can get directory listings from the top all the way down
to the folder holding rc4.key (so it's not apparently a directory
protection issue). From DOS I can cd to that directory and
then type RC4.key, so it's not obviously a read problem either.

Perhaps the open/fopen allows for write or append instead of
just "r" and that's why it is blocked???

Just to repeat, from Administrator it just works, none of these
error messages appear.
scovel
100
100
Posts: 307
Joined: 2004-07-12 11:56
Location: CT, USA
Contact:

114

Post by scovel »

Well,

Since its version 114 and you are using a restricted account, and it DIDN'T say it couldn't find the key file, I'd suggest you try it with Version 115. Version 115 works better in restricted accounts. Specifically, it doesn't try to create a persistent key-store. This gets around some problems with the "Guest" account.

Give 115 a try and let me know.

Sean
Post Reply