Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://twitter.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Important: Please update to latest version before to create a reply, a topic or an issue: viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://twitter.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
security question
security question
Lets assume I can set up UltraVNC and the ARC4 Plugin correctly, then open the ports on my router correctly, then get it all working correctly. Then, I leave the server running (with the ARC4 working and ports open) with UltraVNC waiting for a connection. My question is: can someone else gain access without the ARC4 key? And what if the ARC4 is not working, can someone gain access (assuming they can guess the UltraVNC password?
Re: security question
vncviewer without plugin he can reach the server with arc4plugin but fail to authenticate.
if vnc server crash for any reason, I'm not sure if there a security issue.
but as my knowledge, unpossible to reach the vnc server until restart and it auto restart with dsmplugin arc4plugin.
if vnc server crash for any reason, I'm not sure if there a security issue.
but as my knowledge, unpossible to reach the vnc server until restart and it auto restart with dsmplugin arc4plugin.
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
OS Win: xp home + vista business + 7 home
only experienced user, not developer
Re: security question
If the viewer has not the good ARC4 key file, he just can't even start the handshaking process (RFB protocole version and so on) before the authentication process itself (VNC password).
The data is encrypted from the very first bytes. If the Viewer can't correctly encrypt these bytes with the same key than the server, they can't understand each other and the connection is immediatly dropped, even before the server to ask for the password.
The data is encrypted from the very first bytes. If the Viewer can't correctly encrypt these bytes with the same key than the server, they can't understand each other and the connection is immediatly dropped, even before the server to ask for the password.
UltraSam