Revelation

Nick Torkington nick.torkington "at" oldham.ac.uk
Fri, 23 Oct 1998 09:04:24 +0000


We install VNC on classroom PCs so that it can be used as a teaching aid,
broadcasting one screen to several students.  We stuff a standard password
into each student's registry so that we can assist them remotely should they
require help.

Even when VNC is executed as a service, students can easily call up the
properties dialog and then use Revelation to discover this password,
allowing them to maliciously "take over" other students PCs.

This has *actually* happened, despite some claims in this forum that it is
not possible because VNC doesn't work in that way.

I'd like to continue to use VNC as it has saved us a lot of time over the
past few weeks, but until this security problem is addressed we're forced to
withdraw it.

Nick Torkington
I.T. Support
The Oldham College
UK


---------------------------------------------------------------------
The VNC mailing list     -   see http://www.orl.co.uk/vnc/intouch.html
---------------------------------------------------------------------