I've been asked to further investigate the use of UltraVNC from a security perspective for our organization and have been searching the forum for related threads when I stumbled across this one. I am currently awaiting approval to install and test the application in our corporate environment, so I have no experience using it.
It is my understanding that the MSRC4 plug in will encrypt the communications between the client and the hosting computer using 128 bit RC4 encryption and that passwords are stored using an MD5 / 128 bit hash of the password. It's also my understanding that an AESV2 plug in is available, which supports 128 bit AES encryption with 128 bit random salt and an MD5 / 128 bit hash.
That said, I have a few questions:
1. Are the password hashes still stored in the system registry? If so...
2. Where are the hashes stored (for backup purposes)?... HKLM vs. HKCU
3. Is there a plug in available that utilizes SHA1 for the password hash?
4. Does any session caching occur on either the client or the hosting computer?... If so, is that also encrypted?
Any and all feedback is greatly appreciated. Thanks!
[mod=3406,1175542548] split from other topic not really a feature request [/mod]
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://twitter.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Important: Please update to latest version before to create a reply, a topic or an issue: viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://twitter.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Questions on the DSM PLUGINS
Questions on the DSM PLUGINS
Last edited by BitBucket on 2007-04-02 19:35, edited 1 time in total.
-
mattice06082
- Former moderator
- Posts: 607
- Joined: 2006-11-30 00:41
- Location: Connecticut, USA
Re: Questions on the DSM PLUGINS
Since no one has responded to your post, you may be better off looking at the MSRC4 Homepage. There is a NOREG version of the plugin which I assume doesn't use the registry, but I'm not the developer so that's just an educated guess. You use the UltraVNC viewer to create an rc4.key file which needs to be on both the UltraVNC server PC and also the machine running the viewer. I searched the homepage for SHA1 and came out empty so I assume the answer is no.
Re: Questions on the DSM PLUGINS
Thanks! Yeah, the "MSRC4" page is where I started out and I couldn't find anything on SHA1 either. Thanks for the info on the registry... So MSRC4 uses more of a symmetric encryption?
-
mattice06082
- Former moderator
- Posts: 607
- Joined: 2006-11-30 00:41
- Location: Connecticut, USA
Re: Questions on the DSM PLUGINS
I'm not the developer so I really can't answer your questions on the details, but there is an email address on the MSRC4 homepage where you may get answers from the developer. 
Re: Questions on the DSM PLUGINS
Thanks... I'll send them an email. If I'm able to obtain the answers to my questions, I'll follow up on this thread. Thanks again.