Revelation

Tim Hauber Tim_Hauber "at" STEV.net
Fri, 23 Oct 1998 00:09:44 +0000


That's what I thought after looking at Rev.  It can only reveal cached
passwords that Windows so conveniently "remembers".  VNC doesn't cache any
passwords; however, if someone manages to get your VNC password to a Win95
server then Revelation could be used to get other passwords.  As soon as
the "no tray icon 'bug'" is fixed, then there will at least be a visual
indication that something is happening.  I was more interested in how
keystrokes are sent between client and server, and whether or not a
sniffer can read passwords being entered remotely.  Is this data stream
encrypted?

Tim Hauber

duke "at" co.kittitas.wa.us,Internet writes:
>I guess I'm missing how this applies to any security concerns for VNC.  I
>don't see where the password is cached in the form of asterisks to be
>viewed/hacked by revelation.  
>
>After you type it in the password box revelation will indeed find it, but
>only after someone who knows the password types it in, but before you hit
>'ok' to start the session.  If I'm not mistaken, that leaves about a
>microsecond between me typing in the password and my hitting OK to start
>the session for vulnerability.
>
>Am I missing something?
>
>Duke Senter
>Network Administrator
>Kittitas County, WA



---------------------------------------------------------------------
The VNC mailing list     -   see http://www.orl.co.uk/vnc/intouch.html
---------------------------------------------------------------------