On Wed, 24 Jan 2001, vnc-list-digest wrote:
<SNIP>
> Date: Tue, 23 Jan 2001 18:49:31 -0300
> From: Iván Arce <[EMAIL PROTECTED]>
> Subject: [CORE SDI ADVISORY] Weak authentication in ATT's VNC
>
> CORE SDI
> http://www.core-sdi.com
>
> Vulnerability report for weak authentication in ATT VNC
>
> Technical Description:
>
> 1. Man in the middle attack against client/server authentication
>
> - 'M' waits for a connection from a legit client 'C' to 'S'
<SNIP>
Thanks for posting to the list. Question: Until we can implement VNC
tunnelling via SSH for our user base (we just started using WinVNC here),
will using the AuthHost registry hack, as we currently do
(example: "-:+www.xxx.yyy"), prevent 'M' from being able to 'wait for a
connection from a legit client'? TIA.
***********
Jerry Coker
Computer Network Support
Career Services Center
University of Georgia