Bug 1506689 - Reject VNC passwords over 8 characters
Summary: Reject VNC passwords over 8 characters
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Virtualization Tools
Classification: Community
Component: libvirt
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
Assignee: Libvirt Maintainers
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-10-26 14:40 UTC by Jon Derrick
Modified: 2022-11-15 14:57 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-11-15 14:57:23 UTC
Embargoed:

Attachments (Terms of Use)

Description Jon Derrick 2017-10-26 14:40:04 UTC 
Description of problem:
To my surprise, I could use a VNC password in my VM over 8 characters and only needed to enter the first 8 characters.

Daniel informed me that VNC has a maximum effective password length of 8 characters, and that anything over 8 characters is discarded.

It might be helpful if virsh could reject a VNC passwd over 8 characters to avoid surprising users like myself.

Version-Release number of selected component (if applicable):
Virsh 3.2.1

How reproducible:
100%

Steps to Reproduce:
1. Define VM XML with VNC display and passwd over 8 characters
2. Start VM
3. Login to VNC with first 8 characters of passwd

Actual results:
It's only required to enter the first 8 characters of the VNC password

Expected results:
Reject the VM XML that uses a VNC password > 8 characters

Additional info:
Comment 1 Daniel Berrangé 2021-12-16 11:17:45 UTC 
https://listman.redhat.com/archives/libvir-list/2021-December/msg00717.html
Comment 2 Daniel Berrangé 2022-11-15 14:57:23 UTC 
Committed for 8.0.0 as:

commit 27c1d06b5bd68bdce55efff0a50a15a30cb2a96b
Author: Daniel P. Berrangé <berrange>
Date:   Thu Dec 16 10:20:37 2021 +0000

    qemu: validate VNC password length
Note You need to log in before you can comment on or make changes to this bug.