Full Disclosure mailing list archives
Re: VNC viewers: Clipboard of host automatically sent to remote machine
From: Ben Bucksch <news () bucksch org>
Date: Tue, 24 Jan 2012 19:38:51 +0100
On 24.01.2012 19:18, Mario Vilas wrote:
> You're reporting that if you copy and paste sensitive information and connect to a VNC session your clipboard data gets sent to the remote machine. That's pretty obvious
If I have a VNC window somewhere on my desktop (in my case a virtual desktop or minimized), and continue with my work, 3 hours later when I work on some document or use some webapp, I don't remember that I have a VNC session open and no, it's not obvious at all that this other host can read the communication between my local apps.
> On top of that, the attack scenario doesn't sound too good either. I fail to see why you would need to copy&paste a password to access an untrusted machine and then worry that machine might get to see the password to itself.
You misunderstood. The remote machine can see *any* clipboard entries, even if I do something entirely different in a completely different application. I am browsing or using SSH and paste my password there, because the FF password manager failed, or I'm in a word processor or email app and write some document, which is entirely unrelated to the VNC session. I haven't looked at the VNC host for hours (but I have it constantly open for tasks that I need to do with untrusted software in a jail).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
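Added example, not part of the original post or of any VNC project's code: a small audit script that walks a viewer's client-to-server RFB stream and lists every ClientCutText message (type 6 in RFC 6143), which is how a viewer hands local clipboard text to the server. It assumes the bytes start after the handshake, use only the base RFC 6143 message types (no extended-clipboard extension), and the sample stream and helper names are constructed for illustration.

```python
import struct

# Fixed total sizes of client-to-server RFB messages (RFC 6143, section 7.5):
# 0 SetPixelFormat, 3 FramebufferUpdateRequest, 4 KeyEvent, 5 PointerEvent.
FIXED = {0: 20, 3: 10, 4: 8, 5: 6}

def clipboard_transfers(stream: bytes):
    """Return the text of every ClientCutText message in a post-handshake
    client-to-server byte stream. Stops at an unknown or truncated message."""
    found, i = [], 0
    while i < len(stream):
        mtype = stream[i]
        if mtype in FIXED:
            i += FIXED[mtype]
        elif mtype == 2:  # SetEncodings: type, pad, u16 count, count * s32
            if i + 4 > len(stream):
                break
            (count,) = struct.unpack_from(">H", stream, i + 2)
            i += 4 + 4 * count
        elif mtype == 6:  # ClientCutText: type, 3 pad bytes, u32 length, text
            if i + 8 > len(stream):
                break
            (length,) = struct.unpack_from(">I", stream, i + 4)
            text = stream[i + 8:i + 8 + length]
            if len(text) < length:
                break  # capture ends in the middle of the clipboard text
            found.append(text.decode("latin-1"))  # base protocol text is Latin-1
            i += 8 + length
        else:
            break  # extension message this example does not parse
    return found

def cut_text(s: str) -> bytes:
    """Build a ClientCutText message (hypothetical helper for the sample)."""
    data = s.encode("latin-1")
    return struct.pack(">B3xI", 6, len(data)) + data

# Constructed sample: what a viewer might send while sitting in the background.
SAMPLE = (
    struct.pack(">BxH", 2, 2) + struct.pack(">ii", 0, 1)  # SetEncodings: Raw, CopyRect
    + struct.pack(">BBHHHH", 3, 0, 0, 0, 800, 600)        # FramebufferUpdateRequest
    + cut_text("paragraph copied in the word processor")
    + struct.pack(">BBHH", 5, 0, 10, 10)                  # PointerEvent
    + cut_text("constructed-password-123")
)

if __name__ == "__main__":
    for t in clipboard_transfers(SAMPLE):
        print("clipboard sent to server:", repr(t))
```

Run against a capture of your own viewer's outbound stream, any output while you were working in unrelated applications confirms the behaviour described in the message above.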