Security Basics mailing list archives

VNC Security

From: "Steve Bostedor" <Steveb () tshore com>
Date: Tue, 19 Apr 2005 08:29:49 -0400

I'd like to know if anyone has any working examples of why an
unencrypted VNC session over the Internet is seen as such a horrible
security risk.  I understand that unencrypted ANYTHING over the Internet
lends the chance for someone to decode the packets (assuming that they
capture every one of them) but in reality, what are the real risks here
and has anyone successfully captured a VNC session from more than 2
router hops away and actually gotten any meaningful information from it?

I've captured a big chunk of a LOCAL session using Ethereal and the only
thing that I can see that is usable is the password exchange.  Agreed
that this could be a problem if someone just happened to be sniffing
your local LAN segment at that exact moment and happened to capture your
encrypted VNC password, he could crack the password and log in himself.
But how paranoid is it to go through all of the trouble of setting up
SSH to avoid that when you could just change your VNC password often and
make sure that your local LAN is reasonably secure from prying eyes?

How about once it gets out on the Internet?  Packets bounce all over the
place on the Internet.  What are the odds that someone out there will
pick your VNC packets out of all of the millions of packets running
through the back bone routers without being noticed, capture enough of
them to possibly replay a session, and actually have the patience or the
tools to do so.  I've scoured the web out of this curiosity, looking for
a tool to put VNC packets together into something useful for a hacker.
There's nothing.  Nada.  

So, I guess that what I'm asking is; what all of the fuss is about?
Your POP3 password likely gets passed unencrypted but we're being asked
to be paranoid about an encrypted VNC password?  This is all coming from
a discussion that I had with someone over the merits of using SSH with
VNC over the internet for a 10 minute VNC session.

Does anyone have anything that's not hypothetical?  Is there a tool that
I'm missing out there that does more than just crack a VNC password?
Does anyone know of any reported security breaches where VNC was a
weakness?

Current thread:

VNC Security Steve Bostedor (Apr 19)
- Re: VNC Security Andy Bruce - softwareAB (Apr 19)
  - Re: VNC Security Bart Crijns (Apr 20)
  - Re: VNC Security Mark Owen (Apr 20)
  - Re: VNC Security Zachary Mutrux (Apr 20)
    - Re: VNC Security Scott C. Best (Apr 27)
  - Re: VNC Security Mike Miller (Apr 26)
    - Re: VNC Security Andy Bruce - softwareAB (Apr 26)
    - Re: VNC Security Mike Miller (Apr 26)
- Re: VNC Security Alexander Bolante (Apr 20)
- Re: VNC Security Times Enemy (Apr 20)

(Thread continues...)