You do have to authenticate against the server or hijack the session (hard on most platforms today with good random ISS generation, but not 95 or 98 or NT < ~4.0 SP4)... and the RFB protocol doesn't allow mutual authentication, so it's no greater risk than before. The MITM stuff has been present since the RFB 3.x protocol was set in stone a while ago.
Sure it's possible to authenticate against a nasty server if they have discovered your password. Mutual authentication is something that SRP solves, which is one of the reasons I've chosen it in RFB 4.x. I really should get off my huge arse and finish that. :-) SECSH also solves it, but it's still being ratified.

Andrew

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jonathan Morton
Sent: Friday, 15 March 2002 12:03 AM
To: [EMAIL PROTECTED]
Subject: RE: VNC zlib Advisory draft 1

>The prerequisites required to allow this exploit are:

...or a rogue server that is imitating a known server. Man in the middle attack is therefore possible.

--
--------------------------------------------------------------
from: Jonathan "Chromatix" Morton
mail: [EMAIL PROTECTED] (not for attachments)
website: http://www.chromatix.uklinux.net/
geekcode: GCS$/E dpu(!) s:- a21 C+++ UL++ P L+++ E W+ N- o? K? w--- O-- M++$ V? PS PE- Y+ PGP++ t- 5- X- R !tv b++ DI+++ D G e+ h+ r++ y+(*)
tagline: The key to knowledge is not to rely on people to teach you it.
---------------------------------------------------------------------
To unsubscribe, mail [EMAIL PROTECTED] with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------