Penetration Testing mailing list archives
Re: Ultra VNC-3DES-is it secure
From: p1g <killfactory () gmail com>
Date: Tue, 22 Jan 2008 20:06:05 -0500
depending on what org you ask, 3des should be retired. im not sure i would rate it as critical tho. maybe this time next year :) On Jan 18, 2008 3:46 PM, pentestr <pentestr () gmail com> wrote:
hi hackers, I am doing a VA/PT for one our client and found one of the servers is using Ultra VNC. The ports (5800 & 5900) are open to Internet. Is it secure against Man in the middle attack? Do I need to report this as a CRITICAL/HIGH security issue.. Thanks & Rgds. P.T. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
-- -p1g SnortCP ,,__ o" )~ oink oink ' ' ' ' If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity czar Richard Clarke ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Ultra VNC-3DES-is it secure pentestr (Jan 22)
- Re: Ultra VNC-3DES-is it secure p1g (Jan 23)
- Re: Ultra VNC-3DES-is it secure Randy Wyatt (Jan 23)
- RE: Ultra VNC-3DES-is it secure Shenk, Jerry A (Jan 23)
- <Possible follow-ups>
- RE: Ultra VNC-3DES-is it secure Israel Ochoa (Jan 23)