Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 212345 - vnc accepts shortened password
vnc accepts shortened password
Product: Fedora
Classification: Fedora
Component: vnc (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Adam Tkac
David Lawrence
Depends On:
  Show dependency treegraph
Reported: 2006-10-26 09:52 EDT by Need Real Name
Modified: 2013-04-30 19:34 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-12-05 03:16:11 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2006-10-26 09:52:39 EDT
vnc server only checks that the first eight characters of a password match.
Comment 1 Adam Tkac 2006-10-27 07:08:00 EDT
yes, but I think eight-characters password is enough, isn't it??
Comment 2 Need Real Name 2006-10-27 08:41:47 EDT
Giving a user the false security of setting a long password, but actually
ignoring everything after the eighth character is a terrible idea.

Eight characters is definitely not enough.
Comment 3 Adam Tkac 2006-10-27 08:55:49 EDT
I think, nobody gives false security. Please, see $man vncpasswd...

From vncpasswd man page:
"The password must be at least six characters long, and only the first eight
characters are significant. Note that the stored password is not encrypted
securely - anyone who has access to this file can trivially find out the
plaintext password, so vncpasswd always sets appropriate  permissions  (read and
write only by the owner)"

But I'm going to add support to accept all characters in passwd
Comment 4 Need Real Name 2006-10-27 09:45:35 EDT
Comment 5 Adam Tkac 2006-12-05 03:16:11 EST
In the end, after big thinking, I must deny your enhancement request. VNC uses
eight-character encryption key (password=key) and it's no way how use more than
8 characters without break rfb protocol compatibility. Please mail to RealVNC
about this request

Note You need to log in before you can comment on or make changes to this bug.