Have you guys found any security issues using single click?
One security hole I see that can be a problem as this becomes more mainstream is the lack of authentication for connecting to a remote PC.
The only security used is a public key which is the same exact key that is used by the tech admin. This can be a problem in that if the remote PC was somehow redirected to a different remote controller, there is no authentication type system to prevent the remote pc from being hacked/hijacked by another person.
Is there a solution for this? shouldn't be too difficult to secure, right?
Are there any other security issues that anyone else is aware of?
Thanks!
TKD
After more 2 000 000 (two million) views on forum for 1.5.0.x development versions... and 1.6.1.0, 1.6.3.0-dev versions
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is always welcome
2025-12-05: Celebrating the 23th anniversary of the UltraVNC (26th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38130
2025-12-03: Could you please complete our poll/survey? Renaming UltraVNC files and service to be more clear: https://forum.uvnc.com/viewtopic.php?t=38128
There was a problem to vote, it is solved now! Thanks in advance!
2025-12-02: We need help: English Wikipedia UltraVNC page has been requested to deletion: https://forum.uvnc.com/viewtopic.php?t=38127
Any help is welcome to improve the UltraVNC page and/or to comment on the Wikipedia Talk page
2025-05-06: Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
2023-09-21: Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Development: UltraVNC development is always here... Any help is welcome
Feedback is welcome
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is always welcome
2025-12-05: Celebrating the 23th anniversary of the UltraVNC (26th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38130
2025-12-03: Could you please complete our poll/survey? Renaming UltraVNC files and service to be more clear: https://forum.uvnc.com/viewtopic.php?t=38128
There was a problem to vote, it is solved now! Thanks in advance!
2025-12-02: We need help: English Wikipedia UltraVNC page has been requested to deletion: https://forum.uvnc.com/viewtopic.php?t=38127
Any help is welcome to improve the UltraVNC page and/or to comment on the Wikipedia Talk page
2025-05-06: Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
2023-09-21: Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Development: UltraVNC development is always here... Any help is welcome
Feedback is welcome
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Security Issues w/SC
Re: Security Issues w/SC
Security as in -TKD wrote:Have you guys found any security issues using single click?
One security hole I see that can be a problem as this becomes more mainstream is the lack of authentication for connecting to a remote PC.
The only security used is a public key which is the same exact key that is used by the tech admin. This can be a problem in that if the remote PC was somehow redirected to a different remote controller, there is no authentication type system to prevent the remote pc from being hacked/hijacked by another person.
Is there a solution for this? shouldn't be too difficult to secure, right?
Are there any other security issues that anyone else is aware of?
Thanks!
TKD
Securing the data being transmitted?
Securing the authentication requests?
Securing the client computer?
Securing the Tech computer?
Data transmission - Make up your own key. Change it as you feel necessary or create one key per client if you dont have a lot of clients.
Authentication requests - It allows the tech to control this since its initiated on the client side. You can allow or disallow connection with newest viewer in listen mode and new compiler.
Client computer Its initiated from them so it should be pretty secure, network sniffers may be able to pick up some info but I am not aware of how to hijack a session to view what is going on?? Has anyone?
Tech computer - If you cant secure it then you may not want to be putting yourself out there with a potentially well known port open.