Now it might have been an older version of tight VNC running on an XP machine as the audit was a year and a half ago and we still had a few xp machines running around.Dameware Mini Remote Control is a very powerful remote control software based on NT core services developed by SolarWinds Worldwide from Australia. I am not sure where they found the password in plain text but I do know that it was a finding. Kevin - I too looked at those keys and the password is encrypted there. I would like to know if the OP could supply the location of these other clear text passwords that the auditors found. This also confirms what TightVNC has on their website FAQ. I can verify that with TightVNC 2.7.10 both of the registry keys referenced above are present and the password is encrypted, presumably using DES. I was in the process of testing something in TightVNC for a customer, so this discussion is timely. *I'm fairly sure these are correct but if not you may have to check with TightVNC.
If the password is obfuscated (not in clear text) then it will appear as random string of characters. "HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server", "ControlPassword" This is for password to lock the 'options' "HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server", "Password"Ģ. In order to be sure you can check the registry*: Person never called me back so that is a huge strike against them already. Looking at Bomgar but I have heard the price it outrageous and there sales During out demo we couldn’t get it to work and now weĪre back to the beginning of our search for a tool that can do all of this. But All we canįind is that Dameware relies on windows permissions and security which is not goodĮnough for our industry. On the other hand we want our IT team to have all of theseĭameware and we were told by Solar Winds that it would do this. To only be able to view a session and maybe use the chat feature. We are too afraid that if they can, they will Has such as file transfers, or the ability to start and stop services. Permission but we cannot let them have access to all the features that Dameware Of our non-IT trainers to be able to login and view sessions with the users The ability to control what our technicians can do. We have been looking at Dameware but it apparently doesn’t offer That is most secure and allows for us to have granular control to whatĮncrypt the sessions, the chat function, and saved credentials. We are looking for a new remote support tool ever since ourĪuditors found that VNC is storing the passwords in plain text.
0 kommentar(er)
