As probably most RU users would not know, currently the handshake between RU-Server and RU-Viewer/Host is not fully encrypted. This leads to metadata leakage.
Leaked metadata on handshake includes, but is not limited to:
- the product version
- protocol version
- the device name
- license information (license key?)
- whether or not an RU agent is running
- whether or not RU is running as admin
- the OS version
- internal IPs
- etc.
To verify my claim, download Wireshark to your RU-Viewer system and capture the traffic on/to port 5655. Now startup the RU Viewer and watch for XML-messages in the captured network stream.
According to support, change for this is coming, but no ETA can be estimated. For me this translates to: this is clearly not a priority to the devs. As I have paid for a Pro-License, I'm really not very amused about this.
What does the community think about this?
