Bug 212345 - vnc accepts shortened password
Summary: vnc accepts shortened password
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: vnc
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Adam Tkac
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-10-26 13:52 UTC by Need Real Name
Modified: 2013-04-30 23:34 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-12-05 08:16:11 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Need Real Name 2006-10-26 13:52:39 UTC
vnc server only checks that the first eight characters of a password match.

Comment 1 Adam Tkac 2006-10-27 11:08:00 UTC
yes, but I think eight-characters password is enough, isn't it??

Comment 2 Need Real Name 2006-10-27 12:41:47 UTC
Giving a user the false security of setting a long password, but actually
ignoring everything after the eighth character is a terrible idea.

Eight characters is definitely not enough.

Comment 3 Adam Tkac 2006-10-27 12:55:49 UTC
I think, nobody gives false security. Please, see $man vncpasswd...

From vncpasswd man page:
"The password must be at least six characters long, and only the first eight
characters are significant. Note that the stored password is not encrypted
securely - anyone who has access to this file can trivially find out the
plaintext password, so vncpasswd always sets appropriate  permissions  (read and
write only by the owner)"

But I'm going to add support to accept all characters in passwd

Comment 4 Need Real Name 2006-10-27 13:45:35 UTC
Thanks!

Comment 5 Adam Tkac 2006-12-05 08:16:11 UTC
In the end, after big thinking, I must deny your enhancement request. VNC uses
eight-character encryption key (password=key) and it's no way how use more than
8 characters without break rfb protocol compatibility. Please mail to RealVNC
about this request


Note You need to log in before you can comment on or make changes to this bug.