is VNC vulnerable?

Toggle sidebar Toggle sidebar
A

abc

Diamond Member
Nov 26, 1999
3,116
0
0
are any of the variants of VNC more safe than the others.... can others remote to one of your PCs that you've installed the VNC client?

i'd like to try ultravnc...
 
ultimatebob

ultimatebob

Lifer
Jul 1, 2001
25,134
2,450
126
Originally posted by: abc
are any of the variants of VNC more safe than the others.... can others remote to one of your PCs that you've installed the VNC client?

i'd like to try ultravnc...
Click to expand...

RealVNC, TightVNC, and UltraVNC all send information (excluding the password) unencrypted, so they are vulnerable to packet sniffing. Of course, you would have the same problem with FTP or telnet, and people still use those all the time.
 
P

pulse8

Lifer
May 3, 2000
20,860
1
81
I believe there's a way to run VNC through an SSH tunnel, but I don't know exactly how to do it.
 
D

drag

Elite Member
Jul 4, 2002
8,708
0
0
Or you could just use a different password for each session or change it a lot.

I mean that VNC uses it's own password and not the user's password, doesn't it?
 
N

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: drag
Or you could just use a different password for each session or change it a lot.

I mean that VNC uses it's own password and not the user's password, doesn't it?
Click to expand...

That is correct. But tunneling it over SSH makes it much more secure. ;)
 
C

CTho9305

Elite Member
Jul 26, 2000
9,214
1
81
Originally posted by: n0cmonkey
Originally posted by: drag
Or you could just use a different password for each session or change it a lot.

I mean that VNC uses it's own password and not the user's password, doesn't it?
Click to expand...

That is correct. But tunneling it over SSH makes it much more secure. ;)
Click to expand...

SSH tunneling is easy to do, too, as long as the VNC server is also running an SSH server.
 
ultimatebob

ultimatebob

Lifer
Jul 1, 2001
25,134
2,450
126
Originally posted by: drag
Or you could just use a different password for each session or change it a lot.

I mean that VNC uses it's own password and not the user's password, doesn't it?
Click to expand...

RealVNC and TightVNC use their own password, but UltraVNC uses Windows authenication to log on. RealVNC and TightVNC also have a weird bug that causes them to reset the VNC password back to the original installation value if you run them as a system service and you reboot the system. So, you can change the password while the server is running, but don't forget the original password if you need to reboot.
 
L

loup garou

Lifer
Feb 17, 2000
35,132
1
81
Originally posted by: ultimatebob
Originally posted by: drag
Or you could just use a different password for each session or change it a lot.

I mean that VNC uses it's own password and not the user's password, doesn't it?
Click to expand...

RealVNC and TightVNC use their own password, but UltraVNC uses Windows authenication to log on. RealVNC and TightVNC also have a weird bug that causes them to reset the VNC password back to the original installation value if you run them as a system service and you reboot the system. So, you can change the password while the server is running, but don't forget the original password if you need to reboot.
Click to expand...
Windows authentication is an option in UltraVNC, you don't have to use it.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom