I see in the change information for version 1.1.0.0 it says this:
-security fix ( encryption plugin + vnc passwd : password can be broken)
I was curious to the nature of this as it relates to running the current non-beta version (1.0.9.6.2). Is this an issue specifically related to using an encryption plugin... meaning that if a plugin is used then the password can be broken? In that case would it be better to run it without the encryption plugin?
After more 2 000 000 (two million) views on forum for 1.5.0.x development versions... and 1.6.1.0, 1.6.3.0-dev versions
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is always welcome
2025-12-05: Celebrating the 23th anniversary of the UltraVNC (26th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38130
2025-12-03: Could you please complete our poll/survey? Renaming UltraVNC files and service to be more clear: https://forum.uvnc.com/viewtopic.php?t=38128
There was a problem to vote, it is solved now! Thanks in advance!
2025-12-02: We need help: English Wikipedia UltraVNC page has been requested to deletion: https://forum.uvnc.com/viewtopic.php?t=38127
Any help is welcome to improve the UltraVNC page and/or to comment on the Wikipedia Talk page
2025-05-06: Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
2023-09-21: Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Development: UltraVNC development is always here... Any help is welcome
Feedback is welcome
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is always welcome
2025-12-05: Celebrating the 23th anniversary of the UltraVNC (26th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38130
2025-12-03: Could you please complete our poll/survey? Renaming UltraVNC files and service to be more clear: https://forum.uvnc.com/viewtopic.php?t=38128
There was a problem to vote, it is solved now! Thanks in advance!
2025-12-02: We need help: English Wikipedia UltraVNC page has been requested to deletion: https://forum.uvnc.com/viewtopic.php?t=38127
Any help is welcome to improve the UltraVNC page and/or to comment on the Wikipedia Talk page
2025-05-06: Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
2023-09-21: Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Development: UltraVNC development is always here... Any help is welcome
Feedback is welcome
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Security Fix Question
Re: Security Fix Question
I was also having hard time finding specifics about this fix. The closest I came to the explanation was from the history screen of 1.1.0.0 installer:
And also clarify if encryption plugin + new ms login combo in 1.0.9.6.2 is vulnerable to the same attack.
Thank you
I guess that still doesn't answer your question. So I too would appreciate if someone could shed the light on this.-new vncpasswd + encryption.
Instead of using the password as part of the encryption, we now check the password insite the encryption by the server. This allow the server to balcklist servers after x fault password.
WARNING: If using encryption plugin + vncpassword you better upgrade. No protection against Brute force password hacking."
And also clarify if encryption plugin + new ms login combo in 1.0.9.6.2 is vulnerable to the same attack.
Thank you