VNC security alert
Tony Su
beaches "at" inetworld.net
Sun, 28 Nov 1999 01:46:28 +0000
Re: your question on NT permissions to read the Registry. By default anyone
can read it, but it's a standard issue when establishing your network
security policy and locking down boxes.

I suppose besides accessing the Registry, VNC passwords can be sniffed...

The 8 character password has always been a concern for me, but only for
Workgroup Security because in an NT Domain, even if someone is able to log on
with VNC they still have to overcome NT Domain authentication.

Tony Su

> -----Original Message-----
> From: owner-vnc-list "at" uk.research.att.com
> [mailto:owner-vnc-list "at" uk.research.att.com]On Behalf Of Mike Miller
> Sent: Saturday, November 27, 1999 4:17 PM
> To: vnc-list "at" uk.research.att.com
> Subject: Re: VNC security alert
>
>
> On Sat, 27 Nov 1999, Jeferson Charles Mayer wrote:
>
> > [Conde Vampiro] is saying that VNC uses
> >
> > > 1) Fixed password length (up to 8 characters).
> > > 2) Fixed encryption key.
> >
> > and that these two conditions make it vulnerable to a brute force
> > attack. He talks about the registry just to point out an explanation.
> > This seems really clear to me. Am I wrong about that?
>
>
> My simple understanding of this issue is that to implement a "brute force
> attack" you first get hold of the encrypted password, then you decrypt the
> password, then you use the (unencrypted) password to get access to the
> machine by VNC.
>
> The big problem for the attacker is that they have to get the encrypted
> password to implement this attack, and the encrypted password is in the
> registry of the putatively vulnerable machine. So, the attacker has to
> first read the registry of the machine he wants to attack, then implement
> the attack. But how does he read the registry if he hasn't already
> successfully attacked the machine? It isn't much of a vulnerability then,
> is it?
>
> I suppose that if a machine has multiple users, one of the users can
> decrypt passwords of other users and gain access to resources he/she
> wasn't supposed to have. Is that possible? In the Unix version, user
> passwords have permissions set to 600, so they are not readable by group
> or others. I'm not sure who's allowed to read the registry on NT machines
> -- is it only administrators? If so, I would consider this a non-issue
> for NT.
>
> Tell me if I'm missing something here.
>
> Regards,
>
> Mike
>
> --
> Michael B. Miller
> University of Missouri--Columbia
> http://taxa.psyc.missouri.edu/~mbmiller/
---------------------------------------------------------------------
The VNC mailing list - see http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
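
An added example, not part of the original thread or of VNC itself: a Python audit for the file-permission point raised above (Unix VNC password files should be mode 600, unreadable by group or others). The `~/.vnc/passwd` location, the function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumption: each user's Unix VNC password file is ~/.vnc/passwd (path not named in the thread).
PASSWD_REL = os.path.join(".vnc", "passwd")


def audit_passwd_file(path):
    """Return a list of findings for one VNC password file (empty list = OK)."""
    findings = []
    st = os.lstat(path)  # lstat: do not follow a symlink planted in ~/.vnc
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink; inspect its target by hand"]
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o grants group/other access, expected 0600" % mode)
    # The owner of the containing .vnc directory should also own the file.
    parent = os.stat(os.path.dirname(path))
    if st.st_uid != parent.st_uid:
        findings.append("owner uid %d differs from directory uid %d"
                        % (st.st_uid, parent.st_uid))
    return findings


def audit_homes(home_root):
    """Check <home_root>/*/.vnc/passwd; return {path: findings} for bad files only."""
    report = {}
    for entry in sorted(os.listdir(home_root)):
        path = os.path.join(home_root, entry, PASSWD_REL)
        findings = audit_passwd_file(path) if os.path.lexists(path) else []
        if findings:
            report[path] = findings
    return report


def build_sample_tree():
    """Constructed sample: two home directories, one with a lax password file."""
    root = tempfile.mkdtemp(prefix="vnc-audit-")
    for user, mode in (("alice", 0o600), ("bob", 0o644)):
        path = os.path.join(root, user, PASSWD_REL)
        os.makedirs(os.path.dirname(path))
        with open(path, "wb") as fh:
            fh.write(b"\x00" * 8)  # placeholder bytes, not a real password
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    print(audit_homes(build_sample_tree()))
```

On a real host, call `audit_homes("/home")` with enough privilege to stat every user's `.vnc` directory.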