CORE SDI Advisory - man in the middle attack
Glenn Mabbutt
gmabbutt "at" quartetservice.com
Mon, 29 Oct 2001 13:06:20 +0000
Nope. However, a VNC session is easily encrypted using a tunneling program,
such as SSH (http://www.openssh.org) or Zebedee
(http://www.winton.org.uk/zebedee).
Glenn
-----Original Message-----
From: Chris Hare, CISSP, CISA [mailto:chare "at" chare-cissp.com]
Sent: Saturday, October 27, 2001 5:50 PM
To: vnc-list "at" uk.research.att.com
Subject: CORE SDI Advisory - man in the middle attack
There is a CORE SDI advisory about the VNC authentication protocol and how
it is vulnerable to a man in the middle attack. This advisory was for
3.3.3. Has it been corrected in the current implementations?
thanks
--
Chris Hare, CISSP, CISA
chare "at" chare-cissp.com
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------