Variations of auth. passwords accepted

Brought to you by: anton19286, const_k, crazy-walrus

#1546 Variations of auth. passwords accepted

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2022-08-16

Created: 2021-02-15

Creator: Aaron Hurt

Private: No

We set an authentication password for control, view and view only. TightVNC will accept a number of variations of the password as well as the actual password itself. For example, if I set the password to Passw0rd1, it appears to accept variations such as Passw0rd, Password1, etc. We're using version 2.8.59 downloaded directly from the site.

Discussion

Brad Silva - 2022-08-16

Is it possible that you're using passwords where the first 8 characters are the same and your variations are in the later characters?

There's an issue with the RFB protocol that it only uses the first 8 characters of the password. This is not a TightVNC issue. More recent versions of TightVNC only let you enter an 8 character password, not sure when this changed.

Last edit: Brad Silva 2022-08-16

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Variations of auth. passwords accepted

Group

Searches

Help

#1546 Variations of auth. passwords accepted

Discussion