VNC viewers: Clipboard of host automatically sent to remote machine
From: Ben Bucksch <news () bucksch org>
Date: Tue, 24 Jan 2012 14:34:56 +0100
Affected Products: GNOME Vinagre and many other VNC viewers
1. On your trusted desktop (e.g. Linux), open a text editor
2. Type "My password", select the text, and hit Ctrl-C
3. Open a Vinagre VNC connection to a remote host, e.g. running an
4. On the remote Windows host, open notepad.exe
5. In notepad's menu bar, using the mouse, click on Edit|Paste
notepad.exe shows "My password"
Because I use a different password for every service, I have to
(on my trusted desktop).
However, the remote machine is not trusted. In some cases, it's owned by
a different company, in other cases I use VNC and a different machine
specifically because I don't trust the software and want it jailed. If
the untrusted host can get to my passwords from my trusted desktop,
that's a critical security hole, because my passwords leak, and they may
well give full access to other machines, my bank account or other highly
Using VNC is a common usage pattern also used by government agencies
handling highly sensitive documents (on the trusted host desktop system)
while moving dangerous but necessary uses like Internet access, Windows
and similar needs on physically different machines that are accessed via
The purpose is that the untrusted system has no way to get to the
on the trusted desktop, but that assumption is violated here.
Even normal users will be at risk. Many copy&paste passwords, or they
copy&paste snippets of sensitive Word processing documents, e.g.
Given that most users are unaware of this risk, although the danger may
nevertheless be very real for them, it is necessary for the default
configuration to be secure. They cannot be expected to actively change
preferences or the software to protect themselves, because the problem
isn't obvious in the first place.
1) a pref, with default off and a clear warning about this problem,
because many users will not be aware of it. A pref with default on or
without a clear warning is *not* sufficient.
2) Better yet: A button on the toolbar "Copy clipboard". Text is copied
from host desktop clipboard to remote machine clipboard only when that
button is pressed.
3) A combination of 1) and 2)
The maintainer of the application has been informed via bugzilla, but
has refused to acknowledge it as a security problem.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/