http://phenoelit.de/fr/protos.html#VNC
Maybe there can be an option for compatible (insecure method) or new ultravnc password storing (with SHA1 or maybe SHA-256
). If you activate the secure option the old values have to be removed.CU
Mr Faber
After more 2 000 000 (two million) views on forum for 1.5.0.x development versions... and 1.6.1.0, 1.6.3.0-dev versions
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is always welcome
2025-12-14: 1.7.1.X-dev release builds need tests and feedback: https://forum.uvnc.com/viewtopic.php?t=38134
2025-12-02: We need help: English Wikipedia UltraVNC page has been requested to deletion: https://forum.uvnc.com/viewtopic.php?t=38127
Any help is welcome to improve the UltraVNC page and/or to comment on the Wikipedia Talk page
2025-05-06: Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
2023-09-21: Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Development: UltraVNC development is always here... Any help is welcome
Feedback is welcome
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is always welcome
2025-12-14: 1.7.1.X-dev release builds need tests and feedback: https://forum.uvnc.com/viewtopic.php?t=38134
2025-12-02: We need help: English Wikipedia UltraVNC page has been requested to deletion: https://forum.uvnc.com/viewtopic.php?t=38127
Any help is welcome to improve the UltraVNC page and/or to comment on the Wikipedia Talk page
2025-05-06: Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
2023-09-21: Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Development: UltraVNC development is always here... Any help is welcome
Feedback is welcome
VNC very insecure
VNC very insecure
Is it possible to use SHA1 or an other secure hash instead of the old method because it seems to be very easy to crack the password from the registry.
http://phenoelit.de/fr/protos.html#VNC
Maybe there can be an option for compatible (insecure method) or new ultravnc password storing (with SHA1 or maybe SHA-256 ). If you activate the secure option the old values have to be removed.
CU
Mr Faber
http://phenoelit.de/fr/protos.html#VNC
Maybe there can be an option for compatible (insecure method) or new ultravnc password storing (with SHA1 or maybe SHA-256
). If you activate the secure option the old values have to be removed.CU
Mr Faber
-
Rudi De Vos
- Admin & Developer
- Posts: 6987
- Joined: 2004-04-23 10:21
- Contact:
Direct registry hacking
The risk is limited, you need a standard windows password to get access to the registry.
If you can get access, you can change the password without
the need to crack it.
If you have physical access, you can boot from a linux cdrom
and even change the administrator account. AFter that you can do what you want.
Net sniffering and packet capturing
This is possible, for external connections you should always use some kind of extra encryption.
If somebody insite you network is capable of doing this, be sure he has 100 other ways of getting access. 99% of the security breaks are caused by users, how many bosses have there password on the bottom of there keyboard, or secured document are printed and left on the desk.
The risk is limited, you need a standard windows password to get access to the registry.
If you can get access, you can change the password without
the need to crack it.
If you have physical access, you can boot from a linux cdrom
and even change the administrator account. AFter that you can do what you want.
Net sniffering and packet capturing
This is possible, for external connections you should always use some kind of extra encryption.
If somebody insite you network is capable of doing this, be sure he has 100 other ways of getting access. 99% of the security breaks are caused by users, how many bosses have there password on the bottom of there keyboard, or secured document are printed and left on the desk.
Re: VNC very insecure
As long as we're on the subject when will the file transfer require a password before allowing a connection and file transfers?Mr Faber wrote:Is it possible to use SHA1 or an other secure hash instead of the old method because it seems to be very easy to crack the password from the registry.
http://phenoelit.de/fr/protos.html#VNC
Maybe there can be an option for compatible (insecure method) or new ultravnc password storing (with SHA1 or maybe SHA-256
CU
Mr Faber