TightVNC / Bugs / #1428 accepted passwords 'starting with', not 'equal'

#1428 accepted passwords 'starting with', not 'equal'

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2022-08-16

Created: 2017-10-02

Creator: Lukasz Fu

Private: No

Hi,
Your client login app when prompting for password accepts all password strings only "starts with" not "equals", so if password is 'Password' then 'PasswordMuchLonger' is also accepted...
Looked through your code and I think VncAuthentication class, line: 53 is responsible for the bug. Maybe expanding condition in 'if' from line: 51 would fix it (original:(null == password), suggested: (null==password || password.length() > 8)),
Bests.
L.

Discussion

Lukasz Fu - 2017-10-03

The above of course is in java code, but bug it self in all instances
Tigtvnc ver is 2.8.8

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Anton - 2018-02-07

https://tools.ietf.org/html/rfc6143 7.2.2

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Brad Silva - 2022-08-16

The above comment is correct, but is useless unless you want to do some research.

Basically, the problem is that the protocol only accepts an 8 character password. The fault here is not with TightVNC.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

accepted passwords 'starting with', not 'equal'

Group

Searches

Help

#1428 accepted passwords 'starting with', not 'equal'

Discussion