!!!DANGER!!!! Acute security risk! WAKE UP!!!!
tfseak "at" futurmaster.com
Wed Feb 25 14:05:01 2004
Talking about security, there's one severe bug that needs to be corrected. Months ago, someone reported that even though we could define a long password, but the effective number of letters is only 8 (eight)!
I've tested with VNC 4b4 and the bug is still there. Could someone take a look into it?
On the other hand, it would nice if it is possible to define the password without GUI. Those who have used RSA would see what I'm thinking about. I'm thinking about a similar system. On the server side, I could use an algorithm to generate a random password every n minutes for VNC. On the client side, I could use the same algo to give me the password. This way, brute force hacking risk could be reduced tremendously.
> -----Message d'origine-----
> De : Scott C. Best [mailto:sbest "at" best.com]
> Envoyi : mardi 24 fivrier 2004 19:11
> @ : vnc-list "at" realvnc.com
> Objet : Re: !!!DANGER!!!! Acute security risk! WAKE UP!!!!
> Heya. Yes, it's a safe bet that many people on this list
> have a router with port 5900 forward to a Windows machine. Of
> course, this increases "risk", but only some much as the integrity
> of what *listens* to that port, namely the VNC Server itself.