Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://twitter.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

Hashed deault password

Any features you would like to see in UltraVNC? Propose it here
Post Reply
hydrian
Posts: 1
Joined: 2014-10-15 15:46

Hashed deault password

Post by hydrian »

Ello,
I'd like a recommend a security enhancement. I know that UltraVNC used the store the default VNC password in clear text in the registry. This allows a bad admin or program to scavenge the passwords if it happens to to have access to the registry key.

I propose that we should store the default password in a one way seeded hash. This way if a registry entry is left insecure (default installation) even is the entry is read, the default password is not known.
User avatar
Rudi De Vos
Admin & Developer
Admin & Developer
Posts: 6832
Joined: 2004-04-23 10:21
Contact:

Re: Hashed deault password

Post by Rudi De Vos »

There is no default password, the initial password has a random value.
The password is saved the ultravnc.ini file with some weak des encryptionn, we don't use the registry.

The password is encrypted with some weak des encryption as the server need to be able to decrypt.
Post Reply