On 09:47 PM 10/18/2006 +0100, it would appear that James Weatherall wrote:
Tyran,
As previous stated, the Service-Mode password is protected by registry
permissions, such that only Administrators may access it, so in practice
this isn't an issue. The User-Mode password is similarly protected.
While that may be true of current RealVNC installations, that has not
always been the case with VNC. Regardless, if the current user can
read the key, the current user has full access to the clear text
password via SIW and likely other similar utilities.
Clearly, either Dieter is not using a current version of RealVNC or
the permissions you're setting on that registery key are ineffective
when it comes to preventing it from being decrypted. Which the case
is, I cannot say, you'll have to ask Dieter.
> -----Original Message-----
> From: Tyran Ormond [mailto:[EMAIL PROTECTED]
> Sent: 18 October 2006 19:25
> To: James Weatherall
> Subject: RE: personal edition: password visible??
>
> On 06:48 PM 10/18/2006 +0100, it would appear that James
> Weatherall wrote:
> >Dieter,
> >
> >Can you be more specific as to what you're referring to?
> >
> >The VNC Password is stored in an obfuscated form in the registry, and
> >protected so that only Administrators have access to it. Is
> that what you
> >mean?
>
> I went and downloaded SIW from http://www.gtopala.com as Dieter
> mentioned. The program reads the VNC password entry in the Windows
> Registry and shows that password, in the clear, under SIW's
> Secrets category.
>
> The problem this creates is that any user can quickly and easily
> download SIW (it's only 1.2 MB), check the VNC password on their
> local machine and then they have access to any other machine using
> that same VNC password.
>
>
> Tyran Ormond
> Programmer/LAN Administrator
> Central Valley Water Reclamation Facility
> [EMAIL PROTECTED]
>
Tyran Ormond
Programmer/LAN Administrator
Central Valley Water Reclamation Facility
[EMAIL PROTECTED]
_______________________________________________
VNC-List mailing list
[email protected]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
