Date: Tue Jun 21 17:07:45 2005
From: thorpflyer at yahoo.com (Simon Roberts)
Subject: Re: RealVNC/WinVNC Multiple vulnerabilities

Can't say I agree that a VNC server implementation should simply refuse
to run in such a mode. There are plenty of situations where you being
able to get to my server implies that I've already suffered a massive
security breach anyway. Under those conditions, I think the "balance"
approach applies: let me use no authentication and maybe I'll use a
half-decent password, or put up with a "real" protection mechanism,
where it really matters. Like how I get in through my firewall, instead
of how I mess around inside it.

Even if this binary is fixed so no-auth isn't possible, if you're
letting your users configure this rather than giving it to them in a
centrally controlled fashion, then perhaps you already have worse
problems, like they can probably install their own software, etc...

Anyway, I guess my point is that it's my humble opinion that you don't
have the right to mandate the security vs. convenience balance for
everyone else.

Just $0.02, obviously,
Cheers,
Simon


--- class <ad@...ss101.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>  
> > Of course, if you think you know of any viable attacks on VNC
> > servers then feel free to get in touch.
> 
> sure I have mailed you a nice list of ip:5900 shomydeskt0p :) funny
> no
> ? good lines ? ;)
> 
> > The output that you've included just seems to show that (assuming
> > "passworded" means "was able to guess password") your VNC Servers
> > have been configured with poorly chosen passwords.
> 
> passworded means it's passworded, nothing much, my scan doesn't include
> any password bruteforce, but it shows you how easy it is to scan for
> your app with "No authentications", who is crazy enough those days to
> add such options ? so easy hacking :)
> 
> >>> -----Original Message-----
> >>> From: vnc-list-admin@...lvnc.com [mailto:vnc-list-admin@...lvnc.com] On Behalf Of class101@...eaker.net
> >>> Sent: 19 June 2005 15:35
> >>> To: vnc-list@...lvnc.com
> >>> Cc: Full-Disclosure
> >>> Subject: RealVNC/WinVNC Multiple vulnerabilities
> >>>
> >
> >> Two simple vulnerabilities which may lead to an OS guess + null
> >> session + several other info while scanning port 5900, low risk
> >> on paper but high online risk:
> >
> >> My 2cent suggestion to the realvnc team would be to totally
> >> remove this "No Authentication" option which wasn't present in the
> >> oldold winvnc, and to standardize what is answering all your
> >> servers to restrict the private information guessing.
> >
> >
> >> quick screenshot( of a simple dfind scanning test on a range that
> >> I thought really secured :>):
> >
> >> ***.7.41:5900 realvnc4 ssl encryption
> >> ***.16.83:5900 realvnc4 passworded (free ed. win32)
> >> ***.16.91:5900 realvnc4 passworded (free ed. win32)
> >> ***.16.113:5900 realvnc4 passworded (free ed. win32)
> >> ***.16.163:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.16.180:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.16.202:5900 RealVNC4 NULL Session (free ed. x86/SPARC/HPUX)
> >> ***.16.237:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.22.217:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.29.91:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.29.92:5900 RealVNC4 NULL Session (perso/enterp ed. win32 encryption:OFF)
> >> ***.29.93:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.29.157:5900 realvnc4 passworded (perso/enterp ed. win32 encryption:OFF)
> >> ***.29.201:5900 realvnc4 passworded (free ed. x86/SPARC/HPUX)
> >> ***.29.234:5900 realvnc4 passworded (free ed. win32)
> >> ***.35.45:5900 realvnc4 passworded (perso/enterp ed. win32 encryption:ON)
> >> ***.40.192:5900 RealVNC4 NULL Session (perso/enterp ed. win32 encryption:ON)
> >
> >> If you are seeking more information and you are from
> >> @realvnc.com, email me, or else look at class101.org and
> >> hat-squad.com
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (MingW32)
>  
> iD8DBQFCttl9LyZ8K9aT7rARApBzAJsHl81GPtNFi7tUeNIif8agJO2OoQCZAVjE
> QU7mktxxg1nZbPX+dLKuOqA=
> =gGqf
> -----END PGP SIGNATURE-----
> 
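
An added example, not part of the original thread and not RealVNC code: a defender-side check that reads the server half of an RFB handshake captured from your own VNC server and reports whether "No Authentication" (security type 1) is offered, with the accept/reject decision left as a site policy flag, which is the point argued in the message above. The function names, the allow_none flag and the sample byte strings are assumptions constructed for illustration; the message layout follows the RFB protocol specification.

```python
import struct

# Security-type numbers defined by the RFB protocol specification.
SEC_NAMES = {1: "None", 2: "VNC Authentication"}

def parse_rfb_offer(server_bytes: bytes) -> dict:
    """Parse the server-to-client bytes of an RFB handshake: the 12-byte
    ProtocolVersion banner, then the security offer. Assumes the client
    answered with the same protocol version the server announced."""
    banner, body = server_bytes[:12], server_bytes[12:]
    if len(banner) < 12 or banner[:4] != b"RFB " or banner[11:] != b"\n":
        raise ValueError("not an RFB ProtocolVersion banner")
    version = (int(banner[4:7].decode("ascii")), int(banner[8:11].decode("ascii")))
    reason = None
    if version >= (3, 7):
        # 3.7 and later: U8 count, then that many U8 security types.
        if not body:
            raise ValueError("capture ends before the security offer")
        count, types = body[0], list(body[1:1 + body[0]])
        if len(types) != count:
            raise ValueError("truncated security-type list")
        if count == 0 and len(body) >= 5:
            # Zero types means refusal: U32 length, then the reason text.
            (n,) = struct.unpack(">I", body[1:5])
            reason = body[5:5 + n].decode("latin-1")
    else:
        # 3.3: the server dictates a single U32 type; 0 means refusal.
        if len(body) < 4:
            raise ValueError("capture ends before the security type")
        (chosen,) = struct.unpack(">I", body[:4])
        types = [chosen] if chosen else []
    return {"version": version, "types": types, "reason": reason}

def audit(server_bytes: bytes, allow_none: bool = False) -> str:
    """allow_none is the site's policy decision, e.g. True for a lab segment."""
    offer = parse_rfb_offer(server_bytes)
    names = [SEC_NAMES.get(t, f"type {t}") for t in offer["types"]]
    if 1 in offer["types"] and not allow_none:
        return "FAIL: server offers None (no authentication)"
    return "OK: " + (", ".join(names) or f"refused ({offer['reason']})")

# Constructed handshake captures (not taken from any real server).
SAMPLE_NOAUTH = b"RFB 003.008\n" + bytes([2, 1, 2])
SAMPLE_PASSWORD = b"RFB 003.008\n" + bytes([1, 2])
SAMPLE_V33_NOAUTH = b"RFB 003.003\n" + struct.pack(">I", 1)
SAMPLE_REFUSED = b"RFB 003.008\n" + b"\x00" + struct.pack(">I", 4) + b"busy"
if __name__ == "__main__":
    for s in (SAMPLE_NOAUTH, SAMPLE_PASSWORD, SAMPLE_V33_NOAUTH, SAMPLE_REFUSED):
        print(audit(s))
```

A server that offers type 1 alongside type 2 still fails the default policy, because the client chooses which offered type to use.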

