Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Ultra VNC-3DES-is it secure
From: "Randy Wyatt" <rwwyatt01 () gmail com>
Date: Tue, 22 Jan 2008 16:50:24 -0800

On Jan 18, 2008 12:46 PM, pentestr <pentestr () gmail com> wrote:
hi hackers,
I am doing a VA/PT for one our client and found one of the servers is
using Ultra VNC. The ports (5800 & 5900) are open to Internet. Is it
secure against Man in the middle attack?
Do I need to report this as a CRITICAL/HIGH security issue..

Thanks & Rgds.
P.T.


Personally, I would rate it as a critical issue.  There are a number
of much more secure solutions
to remote server administration rather than ultra-vnc.  I have not
reviewed the actual SSL plugin, but that can always be checked for
existing vulnerabilities depending on the version of OpenSSL
implemented.

Regards,
Randy

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]