Question : VNC Security Issues

Does anyone know of any potential security issues with VNC? We are considering using it in our enterprise.

Answer : VNC Security Issues

The authors don't bill VNC as being a robustly secure product. But it can be very valuable when used correctly. I agree with fusionscom: don't use outside of a firewall. In many cases it is fine on an internal network--I use it on most of mine. But here are a few issues that might give one pause in some cases. I'm sure if any of these issues have been fixed, someone will correct me.

1) A local user on a computer hosting VNC server can figure out the password relatively easily from the registry. There are tools for this on the internet.

2) No tracking of failed logon attempts. Newer versions do prevent an automated program from guessing passwords at high speed. But if someone on your network downloaded and ran a password guessing program, it can run day after day until it found the right one. The fact that it ONLY uses a password, rather than username and password, makes this easier than some systems.

3) The traffic is not encrypted, allowing snoopers.

On the networks I administer, these issues don't make me lose sleep. So I use VNC. I also use it over a VPN. But you can see how 2 & 3 might be a problem if you allowed direct internet access.

Random Solutions

301 redirect in IIS non-www to www

Itermittently losing connection to the SBS 2003 local IP Address

Problem using Linksys wrt54g router as access point.

Problems installing exchange 2007

connect to RDP or VNC from work to home through corporate firewall

How to make clients roam seamlessly between APs?

Cisco 7941G/7942G/7945G won't boot after a factory reset (DHCP Problems)

how can make load balance for one web site with two ISP

Moving User Profiles in Windows XP from one machine to another