Re: Ultra VNC-3DES-is it secure

From: Randy Wyatt (rwwyatt01@gmail.com)
Date: Tue Jan 22 2008 - 19:50:24 EST


On Jan 18, 2008 12:46 PM, pentestr <pentestr@gmail.com> wrote:
> hi hackers,
> I am doing a VA/PT for one of our clients and found one of the servers is
> using Ultra VNC. The ports (5800 & 5900) are open to the Internet. Is it
> secure against a man-in-the-middle attack?
> Do I need to report this as a CRITICAL/HIGH security issue?
>
> Thanks & Rgds.
> P.T.
>

Personally, I would rate it as a critical issue. There are a number
of much more secure solutions to remote server administration than
ultra-vnc. I have not reviewed the actual SSL plugin, but that can
always be checked for existing vulnerabilities depending on the
version of OpenSSL implemented.

Regards,
Randy




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:21 EDT