server send hash to viewer
viewer encrypt passwd or user/passwd with the hash using des
encrypted string is send back to the server
server use hash to decrypt it...
Passwd is not plain text in a network packet.
But users still can put a sniffer on the network,
filter out the server->viewer hash and viewer->server encrypted passwd.
Then he can use the decrypt part of vnc the get back the passwd.
Without plugin, this method is OK for lan use. When someone
intern does the effort to find a passwd, he would be able to get it in an other way also.
For internet use depending on the content that is on the PC, you better use some encryption plugin.