VNC Security Problem...

Nick Torkington nick.torkington "at" oldham.ac.uk
Thu, 22 Oct 1998 08:21:49 +0000


We've been using WinVNC over our College network for some time and found it
extremely useful for technical support.

However, there is a major security problem which has forced us to withdraw
WinVNC.

A program called "Revelation" allows students to find out the VNC (and
other) passwords with ease.  By hovering the mouse over any password field,
the program reveals the underlying password.  The program can be found at
http://www.snadboy.com - take a look.

I note that "Revelation" doesn't work with NT User Manager as the passwords
are not displayed with one asterisk per hidden character.

Can security against this type of program please be incorporated into the
next release of WinVNC?

Nick Torkington
I.T. Support
The Oldham College
U.K.


---------------------------------------------------------------------
The VNC mailing list     -   see http://www.orl.co.uk/vnc/intouch.html
---------------------------------------------------------------------