UltraVNC password security
Posted on 2008-10-29
I currently use UltraVNC in my domain as a help desk tool. Originally, it was set up just to use a password, but we have become increasingly concerned with the security of using just a password, so the decision has been made to use MS Logon so that only Domain Admins can even access the program.
A concern was voiced by the newest member of our department, saying that UltraVNC transmits it's authentication data in clear text, making it easy to intercept, and perhaps disclosing enterprise admin logon credentials.
On a side note, we are in a government installation, consequently, access from the outside is not possible, except via VPN.
Can anyone shed some light on this one for me?