Have you guys found any security issues using single click?
One security hole I see that can be a problem as this becomes more mainstream is the lack of authentication for connecting to a remote PC.
The only security used is a public key which is the same exact key that is used by the tech admin. This can be a problem in that if the remote PC was somehow redirected to a different remote controller, there is no authentication type system to prevent the remote pc from being hacked/hijacked by another person.
Is there a solution for this? shouldn't be too difficult to secure, right?
Are there any other security issues that anyone else is aware of?
Thanks!
TKD
After more 2 000 000 (two million) views on forum for 1.5.0.x development versions... and 1.6.1.0, 1.6.3.0-dev versions
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is always welcome
2025-12-14: 1.7.1.X-dev release builds need tests and feedback: https://forum.uvnc.com/viewtopic.php?t=38134
2025-12-02: We need help: English Wikipedia UltraVNC page has been requested to deletion: https://forum.uvnc.com/viewtopic.php?t=38127
Any help is welcome to improve the UltraVNC page and/or to comment on the Wikipedia Talk page
2025-05-06: Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
2023-09-21: Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Development: UltraVNC development is always here... Any help is welcome
Feedback is welcome
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is always welcome
2025-12-14: 1.7.1.X-dev release builds need tests and feedback: https://forum.uvnc.com/viewtopic.php?t=38134
2025-12-02: We need help: English Wikipedia UltraVNC page has been requested to deletion: https://forum.uvnc.com/viewtopic.php?t=38127
Any help is welcome to improve the UltraVNC page and/or to comment on the Wikipedia Talk page
2025-05-06: Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
2023-09-21: Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Development: UltraVNC development is always here... Any help is welcome
Feedback is welcome
Security Issues w/SC
Re: Security Issues w/SC
Security as in -TKD wrote:Have you guys found any security issues using single click?
One security hole I see that can be a problem as this becomes more mainstream is the lack of authentication for connecting to a remote PC.
The only security used is a public key which is the same exact key that is used by the tech admin. This can be a problem in that if the remote PC was somehow redirected to a different remote controller, there is no authentication type system to prevent the remote pc from being hacked/hijacked by another person.
Is there a solution for this? shouldn't be too difficult to secure, right?
Are there any other security issues that anyone else is aware of?
Thanks!
TKD
Securing the data being transmitted?
Securing the authentication requests?
Securing the client computer?
Securing the Tech computer?
Data transmission - Make up your own key. Change it as you feel necessary or create one key per client if you dont have a lot of clients.
Authentication requests - It allows the tech to control this since its initiated on the client side. You can allow or disallow connection with newest viewer in listen mode and new compiler.
Client computer Its initiated from them so it should be pretty secure, network sniffers may be able to pick up some info but I am not aware of how to hijack a session to view what is going on?? Has anyone?
Tech computer - If you cant secure it then you may not want to be putting yourself out there with a potentially well known port open.