Red Hat Bugzilla – Bug 212345
vnc accepts shortened password
Last modified: 2013-04-30 19:34:03 EDT
vnc server only checks that the first eight characters of a password match.
yes, but I think eight-characters password is enough, isn't it??
Giving a user the false security of setting a long password, but actually
ignoring everything after the eighth character is a terrible idea.
Eight characters is definitely not enough.
I think, nobody gives false security. Please, see $man vncpasswd...
From vncpasswd man page:
"The password must be at least six characters long, and only the first eight
characters are significant. Note that the stored password is not encrypted
securely - anyone who has access to this file can trivially find out the
plaintext password, so vncpasswd always sets appropriate permissions (read and
write only by the owner)"
But I'm going to add support to accept all characters in passwd
In the end, after big thinking, I must deny your enhancement request. VNC uses
eight-character encryption key (password=key) and it's no way how use more than
8 characters without break rfb protocol compatibility. Please mail to RealVNC
about this request