Subject: WinVNC 3.3.x
From: Gossi The Dog (gossiOWNED.LAB6.COM)
Date: Sat Nov 18 2000 - 20:48:15 CST

So, you use WinVNC and Windows NT4 Workstation/Server...?

During the InstallShield setup utility, it creates the registry key:


which is used to store all of WinVNC's default settings. By default,
Administrator and SYSTEM have full control, and Everybody has Special
Access (read and modify).

Ding dong. The connection password, ip and query restrictions and other
settings are all stored here, all editable by anybody.

This completely compromises any workstation [or server] running WinVNC,
unless it's been tightened. You can just use regedit remotely to blank the
password value and set the key "AuthRequired" to 0, to allow the blank

Under Windows 2000, network users with "Standard User" (aka Power User)
privs can do the same by default - really only admins should have access
to this key.

This isn't anything brilliantly new (lax security permissions by default
under NT4), but since WinVNC allows complete remote access to a system, I
feel it's important people realise what they are deploying.

FIX - Use regedt32 to remove Everybody's permissions on the key entirely.

Head Of ebe security
Professional Layabouts since 1998
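
An added example, not part of the original post: a PowerShell check an administrator can run to confirm whether the fix above is in place, by listing every allow entry on a registry key that grants write-type rights to anyone other than SYSTEM or Administrators. The key path is a placeholder because it did not survive in this copy of the post, and the function name `Get-WeakRegistryAce` is hypothetical.

```powershell
# Added example: audit one registry key for write access held by non-admin principals.
# ASSUMPTION: $KeyPath is a placeholder; substitute the WinVNC settings key from your install.
$KeyPath = 'HKLM:\SOFTWARE\<WinVNC-settings-key-placeholder>'

# Rights that let a principal change values, subkeys, or the key's own protection.
$WriteRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
# Also catch unmapped GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) entries.
$WriteMask = [int]$WriteRights -bor 0x40000000 -bor 0x10000000

# Principals expected to hold full control, by well-known SID.
$TrustedSids = @(
    'S-1-5-18',      # SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

function Get-WeakRegistryAce {
    param([Parameter(Mandatory = $true)][string]$Path)

    $acl = Get-Acl -Path $Path
    # Explicit and inherited ACEs, identities returned as SIDs so matching is locale-independent.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($TrustedSids -contains $ace.IdentityReference.Value) { continue }

        $granted = [int]$ace.RegistryRights -band $WriteMask
        if ($granted -eq 0) { continue }   # read-only entry, not a finding

        # Resolve the SID to a name for the report; keep the SID if it cannot be resolved.
        try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $ace.IdentityReference.Value }

        [pscustomobject]@{
            Identity    = $name
            Sid         = $ace.IdentityReference.Value
            WriteRights = [System.Security.AccessControl.RegistryRights]$granted
            Inherited   = $ace.IsInherited
        }
    }
}

if (Test-Path -Path $KeyPath) {
    $findings = @(Get-WeakRegistryAce -Path $KeyPath)
    if ($findings.Count -eq 0) { "OK: only SYSTEM/Administrators can modify $KeyPath" }
    else { $findings | Format-Table -AutoSize }
} else {
    "Key not found: $KeyPath"
}
```

An entry for `S-1-1-0` (Everyone) in the output is the condition the post describes; an `Inherited` value of `True` means the permission has to be corrected on a parent key or inheritance broken on this one.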