1.2.0.3 ( Security update)

Postby Rudi De Vos » 2014-09-22 19:40

Rudi De Vos
Admin & Developer
Posts: 5369
Joined: 2004-04-23 10:21

Re: 1.2.0.3 ( Security update)

Postby Nick_od » 2014-09-25 05:10

Good afternoon.
I found an error.
System: Windows XP 32-bit, winvnc.exe (v1_2_03)
"SecureVNCPlugin.dsm": when you press the "Config." button
and then change the password, the password cannot be changed;
a newly set password is not saved.

In version winvnc.exe (v1_2_02), saving the password works properly.
Nick_od
Posts: 82
Joined: 2013-09-04 06:42

Postby Rudi De Vos » 2014-09-25 10:22

This part needed to be changed to fix the exploit.
The config is now started as the desktop user...

*This doesn't work for domain admins; a service cannot impersonate the desktop user.

1) Log on as local admin
or
2) Use uvnc_settings.exe to make the changes.

Service and change settings via the tray should be removed in the future to force people
to use the separate app for it. Sorry

Postby Nick_od » 2014-09-26 05:39

Rudi De Vos wrote:
1) Log on as local admin
or
2) Use uvnc_settings.exe to make the changes.

The password is not changed.
I tried the first and second options.

Postby Rudi De Vos » 2014-09-29 18:45

Correct, it seems I missed the return info from the plugin config... the passphrase is not saved.

Postby Rudi De Vos » 2014-10-01 20:17

Reuploaded files with fixed config saving.

Postby SiUK » 2014-10-02 11:03

Many thanks for updating the software and resolving the security bug. Is there a .MSI version of the installer or is that coming soon?

Thanks,
Si.
SiUK
 
Posts: 1
Joined: 2014-10-02 10:59

Postby Rudi De Vos » 2014-10-02 12:21

Not yet, we made 1.2.0.3 available as soon as possible.
The MSI still needs to be created.

Postby Nick_od » 2014-10-03 08:11

Rudi De Vos wrote:
reuploaded files with fixed config savings

Hi
I checked the new version.
System: Windows XP 32-bit, winvnc.exe (v1_2_03 new)
"SecureVNCPlugin.dsm": when you press the "Config." button
and then change the password, the password is changed,
but when I connect, at the password prompt I can enter only 8 characters
(if the password is longer, I can enter 8 characters and log in)
System: Windows XP 32-bit, vncviewer.exe (v1_2_03 new)

I also checked the new version of uvnc_settings.exe (v1_2_03 new)
"SecureVNCPlugin.dsm": when you press the "Config." button
the password is changed and everything works fine
(when I connect, at the password prompt I can enter more than 8 characters and everything works fine)

Postby Rudi De Vos » 2014-10-05 19:32

I tried to repeat it, without luck.

1) Removed ultravnc.ini
2) Started winvnc.exe (app)
3) In the properties window I set the passwd, selected "use dsm plugin" and pressed config
4) Saved the passwd in config
ultravnc.ini is created with a single line that indicates the saved options
Code:
[admin]
DSMPluginConfig=SecureVNC;0;0x00104001;123456789==

5) Pressed OK in the properties dialog
Now all the other options in ultravnc.ini are set

When I connect the viewer (selecting the plugin) I have >8 chars and the window indicates
Code:
passwd requested
AES-256....

All is in the ultravnc.ini; do you see a difference between the version saved by uvnc_settings and the
version created with the tray icon?

Postby Nick_od » 2014-10-10 11:22

Rudi De Vos wrote:
2) started winvnc.exe (app)

You need to start winvnc.exe as a service,
then in the tray select (admin properties), then SecureVNCPlugin.dsm (Config.)
AES(128.....
256 bit
RSA-2048
(use new key algorithm.....)
Passphrase: enter a password of 9 chars
Confirm: enter a password of 9 chars
Save this.
Then, when you connect the viewer (selecting the plugin),
at the password prompt
you cannot enter >8 chars.

Postby Rudi De Vos » 2014-10-10 11:50

You need start winvnc.exe as service
then in the tray select (admin properties) then SecureVNCPlugin.dsm (Config.)
...
Confirm: enter password 9 chars
save this


Please press config again... is the value really saved... do you see the extra line
Code:
DSMPluginConfig=SecureVNC;0;0x00104001;123456789==

in the ultravnc.ini?

If I'm correct, the problem is that when running as a service we use the credentials of the current desktop user.
1) We need to get the credentials... this fails for domain users
2) The desktop user needs to be admin or he cannot save ultravnc.ini

If the value is not saved in the ini, then winvnc asks for the default vnc passwd, which is 8 chars.

As we cannot bypass 1) and 2), we
need to add an extra check... one that pops up when the desktop user cannot be impersonated
and guides the users to use uvnc_settings.exe.

Postby Nick_od » 2014-10-14 08:27

After saving (uvnc_settings.exe):
DSMPluginConfig=SecureVNC;0;0x00104001;MTIzNDU2Nzg5 (123456789)

After that,
in the tray select (admin properties), then SecureVNCPlugin.dsm (Config.)
Confirm: enter a password of 9 chars (123456789)
Save and open (ultravnc.ini):
DSMPlugin=SecureVNCPlugin.dsm (empty)
No password.
Why is this happening?

Postby Rudi De Vos » 2014-10-14 11:15

Desktop user permission

The dsm config runs as the impersonated desktop user; 2 possible reasons:
1° The user cannot save
2° The user cannot be impersonated (domain users cannot be impersonated by a local service)
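Added example (not part of any post and not UltraVNC code): a Python check for the ultravnc.ini states discussed above, reporting whether DSMPluginConfig was saved and how long the stored passphrase is, so an admin can spot a server that will ask for the default 8-char VNC password. The function name is hypothetical, the sample ini text is constructed from lines quoted in the thread, and treating the last ';'-separated field as the base64 passphrase is an assumption based on Nick_od's sample.

```python
import base64
import binascii
import configparser

# Constructed samples, built from the ini lines quoted in the thread.
SAVED_BY_SETTINGS = ("[admin]\nDSMPlugin=SecureVNCPlugin.dsm\n"
                     "DSMPluginConfig=SecureVNC;0;0x00104001;MTIzNDU2Nzg5\n")
SAVED_FROM_TRAY = "[admin]\nDSMPlugin=SecureVNCPlugin.dsm\n"
PLACEHOLDER = "[admin]\nDSMPluginConfig=SecureVNC;0;0x00104001;123456789==\n"


def audit_dsm_config(ini_text):
    """Summarise the DSM plugin state in the [admin] section of ultravnc.ini."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key names exactly as written in the file
    parser.read_string(ini_text)
    admin = parser["admin"] if parser.has_section("admin") else {}
    plugin = admin.get("DSMPlugin", "").strip()
    config = admin.get("DSMPluginConfig", "").strip()

    passphrase_len = None
    if config:
        # Assumption: the last ';'-separated field is the base64 passphrase.
        blob = config.split(";")[-1]
        try:
            passphrase_len = len(base64.b64decode(blob, validate=True))
        except (binascii.Error, ValueError):
            passphrase_len = None  # field is present but not valid base64

    return {
        "plugin": plugin or None,
        "config_saved": bool(config),
        "passphrase_len": passphrase_len,
        # Per the thread: no saved plugin config means winvnc asks for the
        # default 8-char VNC password instead of the plugin passphrase.
        "falls_back_to_vnc_password": bool(plugin) and not config,
    }


if __name__ == "__main__":
    for name, text in [("uvnc_settings", SAVED_BY_SETTINGS),
                       ("tray", SAVED_FROM_TRAY),
                       ("placeholder", PLACEHOLDER)]:
        print(name, audit_dsm_config(text))
```

The report gives only the passphrase length, never the value, so its output can be pasted into a support thread.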

Postby Kirck » 2014-10-31 12:33

Vnc session hangs up when I type "\" char inside a textbox or in explorer's address bar in remote session.
Kirck
Posts: 52
Joined: 2005-06-16 08:41

Postby Rudi De Vos » 2014-10-31 14:32
