Home page logo

bugtraq logo Bugtraq mailing list archives

About VNC
From: patrick () PINE NL (Patrick Oonk)
Date: Wed, 24 May 2000 11:40:41 +0200


In a post to bugtraq yesterday I posted patches to the unix vncviewer
which turns it in a cracker by doing dictionary attacks on the
(win)VNC server.

Please note that WinVNC since version 3.3.3R6 incorporates code
that makes attacks like described in my previous post much harder.
Version 3.3.3R6 which was released at may 15, 2000. Please update
your server, use strong passwords and apply the AuthHosts
and QuerySetting registry settings if possible.

It can be gotten at http://www.uk.research.att.com/vnc/.
See http://www.uk.research.att.com/vnc/winhistory.html for what
has been changed.


 Patrick Oonk -  PO1-6BONE -  patrick () pine nl -  www.pine.nl/~patrick
 Pine Internet - PAT31337-RIPE - PGPkeyID BE7497F1 - XOIP+31208723350
 Tel: +31-70-3111010  -   Fax: +31-70-3111011   -  http://security.nl
 PGP   fingerprint   A6 12 66 7F 22 84 1B E5  73 8C 99 F7 17 7B A3 98
 Excuse of the day: solar flares

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]