Bug 1569552 - vinagre does not accept passwords longer than 20 characters
Summary: vinagre does not accept passwords longer than 20 characters
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: vinagre
Version: 7.5
Hardware: Unspecified
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Marek Kašík
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks: 1656436 1689273
TreeView+ depends on / blocked
 
Reported: 2018-04-19 13:27 UTC by Joe Wright
Modified: 2020-09-29 08:23 UTC (History)
8 users (show)

Fixed In Version: vinagre-3.22.0-12.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1689273 (view as bug list)
Environment:
Last Closed: 2019-08-06 12:59:59 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 3418471 0 None None None 2018-04-19 13:42:30 UTC
Red Hat Product Errata RHSA-2019:2157 0 None None None 2019-08-06 13:00:14 UTC

Description Joe Wright 2018-04-19 13:27:51 UTC 
Description of problem:
- vinagre does not accept extra long passwords. 

Version-Release number of selected component (if applicable):
- all versions

How reproducible:
- 100%

Steps to Reproduce:
1. Run Vinagre
2. attempt to establish an RDP connection using a password greater than 20 characters
3.

Actual results:
- cannot use passwords greater than 20 characters

Expected results:
- valid passwords are accepted regardless of length

Additional info:


From source:
static gboolean
frdp_authenticate (freerdp  *instance,
                   char    **username,
                   char    **password,
                   char    **domain)
{
  VinagreTab           *tab = VINAGRE_TAB (((frdpContext *) instance->context)->rdp_tab);
  VinagreRdpTab        *rdp_tab = VINAGRE_RDP_TAB (tab);
  VinagreRdpTabPrivate *priv = rdp_tab->priv;
  VinagreConnection    *conn = vinagre_tab_get_conn (tab);
  GtkWindow            *window = GTK_WINDOW (vinagre_tab_get_window (tab));
  gboolean              save_in_keyring = FALSE;
  gchar                *keyring_domain = NULL;
  gchar                *keyring_username = NULL;
  gchar                *keyring_password = NULL;

....

 if (vinagre_utils_request_credential (window,
                                        "RDP",
                                        vinagre_connection_get_host (conn),
                                        vinagre_connection_get_domain (conn),
                                        vinagre_connection_get_username (conn),
                                        TRUE,
                                        TRUE,
                                        TRUE,
                                   ===>      20, 0 // hardcoded to 20 chars
                                        domain,
                                        username,
                                        password,
                                        &save_in_keyring))

----------------

invoking freerdp directly does not exhibit the password length limitation, so this is merely an arbitrary hardcoded limit of 20 characters, and I am not aware of any password limit on RDP outside of the MS Windows maximums, which for Windows 10 are as follows:

Windows represents passwords in 256-character UNICODE strings. The logon dialog is limited to 127 characters, however.
Source:
http://www.thewindowsclub.com/maximum-length-of-password-windows-10
Comment 2 Marek Kašík 2018-04-24 11:24:03 UTC 
Hi, thank you for this report. It seems that FreeRDP does not limit length of passwords. Just some of its clients limit it to 512 characters.
Comment 3 Kodiak Firesmith 2018-08-21 14:40:35 UTC 
Sysadmin for a medium sized paying RHEL customer here.  I have a user complaining about this, so... +1
Comment 10 errata-xmlrpc 2019-08-06 12:59:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:2157
Note You need to log in before you can comment on or make changes to this bug.