Email address obfuscation in effect -- please
click here to turn it off.
[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
Rick--
Thanks for digging that up. Just to clarify for the other people: the
VNC password is stored in ~/.vnc/passwd and it is chmod 500. So that
means that the password thief must have the user's level of permissions to
steal the user's password file. There is a risk, I agree, but it is a
much more minor risk than you had originally suggested. Apparently,
they've fixed this now, so VNC is safer than ever. I recommend it.
Mike
On Wed, 5 Apr 2000, Buford, Rick wrote:
> This is quite what I remember reading before, but it is simiar.
>
> From
> http://www.securiteam.com/securitynews/VNC_3_3_2_R6_uses_a_weak_password_pro
> tection_mechanism.html :
>
> 2) Fixed encryption key.
> When the VNC server encrypts a password it always uses the same fixed key,
> so the output password are always the same. For example, if we input "conde"
> as password, the output password is: df 6b 7e e8 94 26 d8 b5. Since the
> software is open source, the key is publicly available, making the
> encryption pointless.
>
> Input password -> conde
> Key -> 23 82 107 6 35 78 88 7
> Encrypted password -> df 6b 7e e8 94 26 d8 b5
>
> Input password -> 2621
> Key -> 23 82 107 6 35 78 88 7
> Encrypted password -> 73 05 1d 22 49 b6 05 1c
>
> The VNC server always uses this key ("23 82 107 6 35 78 88 7") in the
> current version. This mean that an attacker with read access to the registry
> can simply decode the password and obtain the plain-text version of it.
>
>
> Rick Buford
> User Support Analyst - Specialist
> ITS - USER SERVICES
> DC017.00 / 884-0578
> > - [ Cleverly Disguised As A Responsible Adult ] -
>
>
> -----Original Message-----
> From: Mike Miller [mailto:EMAIL:PROTECTED]
> Sent: Wednesday, April 05, 2000 11:51
> To: MLUG list
> Subject: Re: [MLUG]
>
>
> On Wed, 5 Apr 2000, Buford, Rick wrote:
>
> > Are there any security risks associated with using vncserver? I
> > remember that older versions of vnc had a security flaw that would
> > essentially let anyone log into the session...
>
> What?! I hope not because I've been using it for a year or so and I've
> read the list most of that time and I haven't heard of this problem.
> Tell me more.
>
>
> > Other than locking the display before closing the session, is there
> > anything else I need to do to secure this? Is there a way to force the
> > server in /etc/rc.d/init.d/ to run as non-root? Since I havent been
> > using any GUI on any of my linux boxes, being able to run an X/Gnome
> > session is kind of a hoot =)
>
> I compiled in tcp_wrappers support for Xvnc, so I restrict access that
> way. Unfortunately, the Xvnc attempts are not logged by tcp_wrappers.
> Now I am using iplog (thanks to someone on this list who told me about
> it). iplog will log all attempts to connect to all ports (Xvnc is in the
> 5900-5999 range), thus that I can see what's happening with Xvnc. I also
> have the hosts.deny file of tcp_wrappers configured to send me an e-mail
> message whenever a connection to Xvnc is rejected by tcp_wrappers. So I
> feel pretty secure altogether.
>
> Mike
>
> --
> Michael B. Miller
> University of Missouri--Columbia
> http://taxa.psyc.missouri.edu/~mbmiller/
>
> --
> To unsubscribe, send a new message with no subject and the words
> "unsubscribe members" in the body to EMAIL:PROTECTED
>
> Archives are available at http://mlug.missouri.edu/list-archives/
> --
> To unsubscribe, send a new message with no subject and the words
> "unsubscribe members" in the body to EMAIL:PROTECTED
>
> Archives are available at http://mlug.missouri.edu/list-archives/
>
--
To unsubscribe, send a new message with no subject and the words
"unsubscribe members" in the body to EMAIL:PROTECTED
Archives are available at http://mlug.missouri.edu/list-archives/
Home | FAQ | Server | Presentations | Mailing Lists/Archives | Member Tools | Links | Sponsors | Contact