Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise

[Joachim Schipper <j.schipper () math uu nl>]

On Mon, May 15, 2006 at 07:58:10AM -0500, Dixon, Wayne wrote:
> So what can be done about this exploit?  Does 4.1.2 protect against this
> vulnerability?  And what other mitigation procedures are available for
> this?

The best solution is not to run a VNC service using no more than it's
own authentication. Most offer only password auth, which is quite simply
insufficient. Use some auth scheme based on certificates or somesuch -
ssh, IPSec and OpenVPN all offer this capability.

                Joachim