There is a CORE SDI advisory about the VNC authentication protocol and how it is vulnerable to a man in the middle attack. This advisory was for 3.3.3. Has it been corrected in the current implementations?
thanks -- Chris Hare, CISSP, CISA [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html ---------------------------------------------------------------------
