Nick Torkington nick.torkington "at"
Fri, 23 Oct 1998 09:04:24 +0000

We install VNC on classroom PCs so that it can be used as a teaching aid,
broadcasting one screen to several students.  We stuff a standard password
into each student's registry so that we can assist them remotely should they
require help.

Even when VNC is executed as a service, students can easily call up the
properties dialog and then use Revelation to discover this password,
allowing them to maliciously "take over" other students PCs.

This has *actually* happened, despite some claims in this forum that it is
not possible because VNC doesn't work in that way.

I'd like to continue to use VNC as it has saved us a lot of time over the
past few weeks, but until this security problem is addressed we're forced to
withdraw it.

Nick Torkington
I.T. Support
The Oldham College

The VNC mailing list     -   see