VULHUB ™

AT&T's VNC (Virtual network Computing) package is similar to Xwindows in that it is a remote, graphical interface. It is freeware, available from AT&T Cambridge. The authentication system used by VNC uses a weak encryption algorithm that can be easily brute-forced. A static key is used, and all passwords are truncated to 8 characters. If the encrypted passwords can be obtained, it would be trivial to decrypt them. In the NT version of VNC, encrypted passwords are kept in the \HKEY_CURRENT_USER\Software\ORL\WinVNC3 and \HKEY_USERS\.DEFAULT\SOftware\ORL\WinVNC3 registry keys, and 3DES encrypted with the key 23 82 107 6 35 78 88 7.

AT&T's VNC (Virtual network Computing) package is similar to Xwindows in that it is a remote, graphical interface. It is freeware, available from AT&T Cambridge. The authentication system used by VNC uses a weak encryption algorithm that can be easily brute-forced. A static key is used, and all passwords are truncated to 8 characters. If the encrypted passwords can be obtained, it would be trivial to decrypt them. In the NT version of VNC, encrypted passwords are kept in the \HKEY_CURRENT_USER\Software\ORL\WinVNC3 and \HKEY_USERS\.DEFAULT\SOftware\ORL\WinVNC3 registry keys, and 3DES encrypted with the key 23 82 107 6 35 78 88 7.