
#1509 Attach Listening Viewer, reverse connections: why does it ask a password to the user?

open
password (1)
5
2020-04-15
2020-04-15
No

Hi Constantin
Sorry to bother you, but I think this is an obvious security problem.

TightVNC is installed and a password is set up.
This is the password used by IT people (who give assistance) to access the PCs of colleagues (requesting assistance).
So it is a password known only to the first group of persons.

Now, in specific network configurations, it is possible to use VNC via "reverse" connections.
I have two questions:
1) Why bother the end user asking for a password?
It isn't beneficial to her/him.
The user has to start the session clicking on "Attach Listening Viewer", so

  1. it is obvious she/he wants assistance
  2. end users need to ask IT for the remote IP address and type it in; they are prone to errors, so don't also ask them for a password.

2) Why is this password the same as the password used for "direct" connections?

If you think it is useful to have a password for "reverse" connections, I have to disagree that it is the same value as the password for the normal connections.
They are passwords used by two different groups of people.
End users should not know the password to initiate direct connections to the PCs of other users!

What do you think about this security concern?

I suggest two possible solutions:
1) Remove the prompt for a password for "reverse" connections

2) Add another specific password field in the configuration, used only for "Attach Listening Viewer".
In my case I will leave that value empty.
Other users will set the value the same as / different than the password for "direct" connections.

Many thanks for your attention, Massimo.
