Re: [Full-disclosure] Re: RealVNC/WinVNC Multiple vulnerabilities
From: Simon Roberts (thorpflyeryahoo.com)
Date: Tue Jun 21 2005 - 11:07:36 CDT
Can't say I agree that a VNC server implementation should simply refuse
to run in such a mode. There are plenty of situations where you being
able to get to my server implies that I've already suffered a massive
security breach anyway. Under those conditions, I think the "balance"
approach applies: let me use no authentication and maybe I'll use a
half-decent password, or put up with a "real" protection mechanism,
where it really matters. Like how I get in through my firewall, instead
of how I mess around inside it.
Even if this binary is fixed so no-auth isn't possible, if you're
letting your users configure this rather than giving it to them in a
centrally controlled fashion, then perhaps you already have worse
problems, like they can probably install their own software, etc...
Anyway, I guess my point is that it's my humble opinion that you don't
have the right to mandate the security vs. convenience balance for
Just $0.02, obviously,
--- class <adclass101.org> wrote:
> > Of course, if you think you know of any viable attacks on VNC
> > servers then feel free to get in touch.
> Sure, I have mailed you a nice list of ip:5900 shomydeskt0p :) funny?
> good lines? ;)
> > The output that you've included just seems to show that (assuming
> > "passworded" means "was able to guess password") your VNC Servers
> > have been configured with poorly chosen passwords.
> passworded means it's passworded, nothing much. My scan doesn't include
> any password bruteforce, but it shows you how easy it is to scan for
> your app with "No authentications". Who is crazy enough those days to
> add such options? So easy hacking :)
> >> The output that you've included just seems to show that (assuming
> >> "passworded" means "was able to guess password") your VNC
> >> Servers have been configured with poorly chosen passwords.
> >>> -----Original Message----- From: vnc-list-adminrealvnc.com
> >>> [mailto:vnc-list-adminrealvnc.com] On Behalf Of
> >>> class101phreaker.net Sent: 19 June 2005 15:35 To:
> >>> vnc-listrealvnc.com Cc: Full-Disclosure Subject:
> >>> RealVNC/WinVNC Multiple vulnerabilities
> >> Two simple vulnerabilities which may lead to an OS guess + null
> >> session + several other infos while scanning port 5900, low risk
> >> on paper but high online risk:
> >> My 2 cent suggestion to the realvnc team would be to totally
> >> remove this "No Authentication" option, which wasn't present in the
> >> oldold winvnc, and to standardize what all your servers answer,
> >> to restrict the guessing of private information.
> >> quick screenshot (of a simple dfind scanning test on a range that
> >> I thought really secured :>):
> >> ***.7.41:5900 realvnc4 ssl encryption
> >> ***.16.83:5900 realvnc4 passworded (free ed. win32)
> >> ***.16.91:5900 realvnc4 passworded (free ed. win32)
> >> ***.16.113:5900 realvnc4 passworded (free ed. win32)
> >> ***.16.163:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.16.180:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.16.202:5900 RealVNC4 NULL Session (free ed. x86/SPARC/HPUX)
> >> ***.16.237:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.22.217:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.29.91:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.29.92:5900 RealVNC4 NULL Session (perso/enterp ed. win32 encryption:OFF)
> >> ***.29.93:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.29.157:5900 realvnc4 passworded (perso/enterp ed. win32 encryption:OFF)
> >> ***.29.201:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.29.234:5900 realvnc4 passworded (free ed. win32)
> >> ***.35.45:5900 realvnc4 passworded (perso/enterp ed. win32 encryption:ON)
> >> ***.40.192:5900 RealVNC4 NULL Session (perso/enterp ed. win32 encryption:ON)
> >> If you are seeking more information and you are from
> >> realvnc.com, email me, or else look at class101.org and
> >> hat-squad.com
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/