VNC passwords

Wed 12 March 2014

We like to think of VNC passwords as encrypted; but when you consider that they're encrypted using DES (a weak encryption algorithm) with a key that is hardcoded... Well... That pretty much makes VNC passwords encoded and not encrypted. There are a few VNC password revealers out there, such as vncpwd or VNCPassView, the former can be used in Linux and the latter in Windows. A prerequisite to using these is that you have access to the VNC passwd file and/or registry. Other tools exist to snarf the VNC password out of network captures.