Passwords in VNC Personal Edition for Windows

James Weatherall jnw "at" realvnc.com
Wed Oct 18 21:59:03 2006 

Garth,

I'm afraid I don't understand what this has to do with VNC Personal Edition.

As we publicised in May, VNC Free Editions 4.1 & 4.1.1 has a security
vulnerability, which was patched in version 4.1.2, release on May 12th.  If
your remaining Free Edition system is running one of those versions, you
need to upgrade it.

Regards,

Wez @ RealVNC Ltd.


> -----Original Message-----
> From: vnc-list-admin "at" realvnc.com 
> [mailto:vnc-list-admin "at" realvnc.com] On Behalf Of Garth A. Reid
> Sent: 18 October 2006 19:10
> To: 'James Weatherall'; vnc-list "at" realvnc.com
> Subject: RE: Passwords in VNC Personal Edition for Windows
> 
> Hi James,
> 
> At the time of the two incidents, they were running the free 
> version of
> RealVNC. 
> 
> As they were working on their systems, the mouse cursor 
> started moving and
> clicking on things that the owner of the system wasn't doing.
> 
> Since the first such incident, I've upgraded my system and 
> two other systems
> to VNC Personal Edition P4.2.6 and set a preference for 
> encrypted. For the
> system involved in the second incident, I've changed their 
> free edition to
> "Prompt local user to accept connections." They had another 
> attempt that
> they stopped by not accepting the connection.
> 
> Please let me know if you need more information.
> 
> Regards,
> -g  
> 
> -----Original Message-----
> From: James Weatherall [mailto:jnw "at" realvnc.com] 
> Sent: Wednesday, October 18, 2006 11:50 AM
> To: 'Garth A. Reid'; vnc-list "at" realvnc.com
> Subject: RE: Passwords in VNC Personal Edition for Windows
> 
> Hi Garth,
> 
> When you sau "have had unexpected connections to their 
> machines", can you be
> more specific as to what exactly is happening?
> 
> Are the affected systems running VNC Personal Edition P4.2.3 or newer?
> 
> Regards,
> 
> Wez @ RealVNC Ltd.
>  
> 
> > -----Original Message-----
> > From: vnc-list-admin "at" realvnc.com
> > [mailto:vnc-list-admin "at" realvnc.com] On Behalf Of Garth A. Reid
> > Sent: 18 October 2006 17:57
> > To: vnc-list "at" realvnc.com
> > Subject: Passwords in VNC Personal Edition for Windows
> > 
> > I understand that RealVNC doesn't pass the password from 
> the Viewer to 
> > the Server in clear text. But I've had two instances where 
> people I've 
> > set up with RealVNC have had unexpected connections to 
> their machines. 
> > If these unauthorized users didn't pick up the passwords in 
> clear text 
> > transmissions, then how did they manage to connect? It appears that 
> > they were able to get the password.
> >   
> > Thanks,
> > Garth
> > _______________________________________________
> > VNC-List mailing list
> > VNC-List "at" realvnc.com
> > To remove yourself from the list visit:
> > http://www.realvnc.com/mailman/listinfo/vnc-list
> _______________________________________________
> VNC-List mailing list
> VNC-List "at" realvnc.com
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list