Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Ultra VNC-3DES-is it secure

From: p1g <killfactory () gmail com>
Date: Tue, 22 Jan 2008 20:06:05 -0500
depending on what org you ask, 3des should be retired.
im not sure i would rate it as critical tho. maybe this time next year :)



On Jan 18, 2008 3:46 PM, pentestr <pentestr () gmail com> wrote:

hi hackers,
I am doing a VA/PT for one our client and found one of the servers is
using Ultra VNC. The ports (5800 & 5900) are open to Internet. Is it
secure against Man in the middle attack?
Do I need to report this as a CRITICAL/HIGH security issue..

Thanks & Rgds.
P.T.


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------






-- 
-p1g
SnortCP
  ,,__
o"     )~  oink oink
   ' ' ' '

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: