Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise
On Mon, May 15, 2006 at 07:58:10AM -0500, Dixon, Wayne wrote:
> So what can be done about this exploit? Does 4.1.2 protect against this
> vulnerability? And what other mitigation procedures are available for
> this?
The best solution is not to run a VNC service using no more than it's
own authentication. Most offer only password auth, which is quite simply
insufficient. Use some auth scheme based on certificates or somesuch -
ssh, IPSec and OpenVPN all offer this capability.
Joachim