RE: Ultra VNC-3DES-is it secure

From: Israel Ochoa (israel@telvista.com.mx)
Date: Tue Jan 22 2008 - 14:44:17 EST

• Next message: Matthew Leeds: "Re: Question re: load balancers as a security device"
• Previous message: Steev Klimaszewski: "Re: Thoughts of the paranoid on the call centre security."
• Maybe in reply to: pentestr: "Ultra VNC-3DES-is it secure"
• Next in thread: p1g: "Re: Ultra VNC-3DES-is it secure"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

>> Is it secure against Man in the middle attack?
No.

It's kind of insecure, that's because with a "man-in-the-middle" attack you can get the hash of the VNC password (i.e. using Cain) and then using a dictionary or brute force attack you can guess the password, that depends if it is complex or not, and take control of that computer.
Using a sniffer and the same attack you can view all data between VNC client and server.

>> Do I need to report this as a CRITICAL/HIGH security issue..

IMHO Yes, you can consider this as a high issue.

If your client still want to use VNC as a remote connection solution, they can use the AES plugin for UltraVNC.

Israel Ochoa

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of pentestr
Sent: Viernes, 18 de Enero de 2008 12:46 p.m.
To: Pentest Mailinglist
Subject: Ultra VNC-3DES-is it secure

hi hackers,
I am doing a VA/PT for one our client and found one of the servers is
using Ultra VNC. The ports (5800 & 5900) are open to Internet. Is it
secure against Man in the middle attack?
Do I need to report this as a CRITICAL/HIGH security issue..

Thanks & Rgds.
P.T.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

______________________________________________________________________
This e-mail has been scanned by MCI Managed Email Content Service, using Skeptic(tm) technology powered by MessageLabs. For more information on MCI's Managed Email Content Service, visit http://www.mci.com.
______________________________________________________________________ --------------------------------------------------------

          TELVISTA CERTIFIED

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: Matthew Leeds: "Re: Question re: load balancers as a security device"
• Previous message: Steev Klimaszewski: "Re: Thoughts of the paranoid on the call centre security."
• Maybe in reply to: pentestr: "Ultra VNC-3DES-is it secure"
• Next in thread: p1g: "Re: Ultra VNC-3DES-is it secure"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:21 EDT