On Thu, Mar 14, 2002, Jonathan Morton wrote: > > > A rogue server could ask for a password, send a challenge, and then > ignore the response and just let you in, and then set up the exploit > on the viewer.
That is an excellent point. Another way a client would be particularly vulnerable is if it is in listen mode. Any rogue server could connect to it without requiring any authentication. -- Mike Ossmann, Tarantella/UNIX Engineer/Instructor Alternative Technology, Inc. http://www.alttech.com/ --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html ---------------------------------------------------------------------
