https://bugs.kde.org/show_bug.cgi?id=502865
Bug ID: 502865
Summary: Security/UX - Allow configuring VNC listen address to something other than 0.0.0.0/:: (Related to, but not a duplicate of #255740)
Classification: Applications
Product: krfb
Version: 24.12.3
Platform: Arch Linux
OS: Linux
Status: REPORTED
Severity: major
Priority: NOR
Component: general
Assignee: grundleb...@googlemail.com
Reporter: ty...@amick.us
Target Milestone: ---

SUMMARY

Krfb does not allow the user to change the listen address from 0.0.0.0. The user should be able to configure Krfb to listen on a specific IP instead of every IP address on the system. To compound this, Krfb shows a "hint" IP that may erroneously lead the user to believe that the VNC server is only accessible on that IP address if they fail to read the informational dialog.

Most people's primary use case for this feature would be listening on 127.0.0.1, so they can only connect through an SSH tunnel. A well known issue with the VNC protocol is that it only protects the password (weakly), leaving all graphical information, keystrokes, and mouse movements completely unprotected and able to be trivially captured with a tool like Wireshark. Having the ability to configure the listen address to force the usage of SSH as a transport completely eliminates this vector for eavesdropping. This approach is also officially recommended by the developers of TightVNC. [^1] Additionally, it would keep other devices on the network from probing at the VNC server.

In addition to the above use case, my system has multiple interfaces and multiple IP addresses, and I want to be able to configure Krfb to listen on my primary LAN address instead of every interface on the system (some of which are not fully trusted).

SUGGESTED FIX

Krfb already allows changing the default port. If I were implementing this, I'd imagine the best UX would be to expand the port specification box so it will also optionally accept a full listen address (e.g. "5900" will still work, but ":5900", "127.0.0.1:5900", "::1:5900", "192.168.1.2:5900", "0.0.0.0:5900", etc. will all work as well).

Additionally, the "Connection Details" pane should reflect the actual listen address instead of randomly selecting a single IP on the system. If the user is using the default 0.0.0.0/:: listen addresses, it may also be helpful to display all possible listening addresses (or whichever ones have an associated default gateway) instead of selecting one seemingly randomly.

FURTHER NOTES

This bug is somewhat related to #255740, but it is not a duplicate. The user should be able to change the listen address to anything they want, including (but not limited to) localhost.

I have near-zero familiarity with Qt or C++, but I'm willing to take a crack at writing a patch if anyone is willing to provide me with some guidance.

Thanks for your consideration,
--Tyler

[^1]: https://www.tightvnc.com/faq.php#:~:text=In%20the%20mean%20time,untrusted%20networks
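As an added example, not code from this report or from krfb itself, here is a small POSIX C++ sketch of the parsing rule the report proposes ("port only" keeps the current listen-on-everything behaviour; otherwise the text after the last colon is the port and the rest is a literal IPv4/IPv6 address), plus a bind that honours the parsed address so that a 127.0.0.1 listener really is reachable only via a local SSH tunnel. All names here (ListenSpec, parseListenSpec, isLoopbackOnly, bindListener) are hypothetical and are not krfb's API.

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cstdint>
#include <iostream>
#include <string>

// Parsed listen specification ("5900", ":5900", "127.0.0.1:5900", "::1:5900").
// An empty host means "every address on the system", i.e. today's 0.0.0.0/::.
// Hypothetical type, not part of krfb.
struct ListenSpec {
    std::string host;
    int family = AF_UNSPEC;  // AF_INET or AF_INET6 once a host is given
    uint16_t port = 0;
    bool ok = false;
};

// Parse "[host:]port". The text after the LAST ':' is the port, so an unbracketed
// IPv6 literal such as "::1:5900" works; "[::1]:5900" is accepted as well.
// Caveat of that rule: "::1" with no port parses as host "::" and port 1.
ListenSpec parseListenSpec(const std::string& spec) {
    ListenSpec r;
    std::string hostPart, portPart;
    const auto colon = spec.rfind(':');
    if (colon == std::string::npos) {
        portPart = spec;                    // "5900": port only, all addresses
    } else {
        hostPart = spec.substr(0, colon);   // "" for ":5900"
        portPart = spec.substr(colon + 1);
    }
    if (hostPart.size() >= 2 && hostPart.front() == '[' && hostPart.back() == ']')
        hostPart = hostPart.substr(1, hostPart.size() - 2);

    // Port: decimal digits only, 1..65535.
    if (portPart.empty() || portPart.size() > 5) return r;
    unsigned long p = 0;
    for (char c : portPart) {
        if (c < '0' || c > '9') return r;
        p = p * 10 + static_cast<unsigned long>(c - '0');
    }
    if (p == 0 || p > 65535) return r;

    // Host: must be a literal address; no DNS lookups in a bind-address field.
    if (!hostPart.empty()) {
        in_addr a4{};
        in6_addr a6{};
        if (inet_pton(AF_INET, hostPart.c_str(), &a4) == 1)       r.family = AF_INET;
        else if (inet_pton(AF_INET6, hostPart.c_str(), &a6) == 1) r.family = AF_INET6;
        else return r;
    }
    r.host = hostPart;
    r.port = static_cast<uint16_t>(p);
    r.ok = true;
    return r;
}

// True when the listener is reachable only from the local machine, i.e. the
// SSH-tunnel-only configuration the report asks for.
bool isLoopbackOnly(const ListenSpec& s) {
    if (!s.ok || s.host.empty()) return false;
    if (s.family == AF_INET) {
        in_addr a{};
        inet_pton(AF_INET, s.host.c_str(), &a);
        return (ntohl(a.s_addr) >> 24) == 127;   // 127.0.0.0/8
    }
    in6_addr a{};
    inet_pton(AF_INET6, s.host.c_str(), &a);
    return IN6_IS_ADDR_LOOPBACK(&a) != 0;
}

// Listening TCP socket bound exactly to the spec. An empty host binds the IPv6
// wildcard with IPV6_V6ONLY off, reproducing the current listen-on-everything
// behaviour. Returns the fd, or -1 on failure.
int bindListener(const ListenSpec& s) {
    if (!s.ok) return -1;
    const int family = s.host.empty() ? AF_INET6 : s.family;
    const int fd = socket(family, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int rc;
    if (family == AF_INET) {
        sockaddr_in sa{};
        sa.sin_family = AF_INET;
        sa.sin_port = htons(s.port);
        inet_pton(AF_INET, s.host.c_str(), &sa.sin_addr);
        rc = bind(fd, reinterpret_cast<sockaddr*>(&sa), sizeof sa);
    } else {
        sockaddr_in6 sa{};
        sa.sin6_family = AF_INET6;
        sa.sin6_port = htons(s.port);
        if (s.host.empty()) {
            int zero = 0;
            setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &zero, sizeof zero);
            sa.sin6_addr = in6addr_any;
        } else {
            inet_pton(AF_INET6, s.host.c_str(), &sa.sin6_addr);
        }
        rc = bind(fd, reinterpret_cast<sockaddr*>(&sa), sizeof sa);
    }
    if (rc < 0 || listen(fd, 16) < 0) { close(fd); return -1; }
    return fd;
}

int main() {
    // Constructed sample inputs covering the forms listed in the report.
    for (const char* s : {"5900", ":5900", "127.0.0.1:5900", "::1:5900", "[::1]:5900", "127.0.0.1"}) {
        const ListenSpec r = parseListenSpec(s);
        if (!r.ok) { std::cout << s << " -> invalid\n"; continue; }
        const std::string host = r.host.empty() ? std::string("*") : r.host;
        std::cout << s << " -> " << host << ":" << r.port
                  << (isLoopbackOnly(r) ? " (loopback only)" : "") << "\n";
    }
    return 0;
}
```

Whatever address is parsed is also what the "Connection Details" pane should echo back, which removes the misleading single "hint" IP the report describes: a loopback-only spec shows 127.0.0.1 or ::1, and the wildcard case can list every local address rather than one picked at random.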