On Mon, May 15, 2006 at 07:58:10AM -0500, Dixon, Wayne wrote: > So what can be done about this exploit? Does 4.1.2 protect against this > vulnerability? And what other mitigation procedures are available for > this? The best solution is not to run a VNC service using no more than it's own authentication. Most offer only password auth, which is quite simply insufficient. Use some auth scheme based on certificates or somesuch - ssh, IPSec and OpenVPN all offer this capability. Joachim
