vino password accepted even if extra chars after correct pw
Bug #128334 reported by
Jordan Erickson
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| vino (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: vino
Just tried logging into an Ubuntu Feisty LTSP server via vino, and I accidentally hit a key after I typed my password in. Surprisingly I got a remote session started! I tried a few different scenarios, including a completely wrong password, but the password you type seems to always be accepted as long as the correct password is typed in first.
For example, if your vino password is 'ubuntu', when connecting and you're prompted for a password, you can type in 'ubuntu1234' and it will be accepted.
I'm using Ubuntu Feisty (AMD64 server) and LTSP, and UltraVNC Viewer v1.0.2.
Revision history for this message
| Jonh Wendell (wendell) wrote | #1 |
| Changed in vino: | |
| status: | New → Invalid |
To post a comment you must log in.
Hi.
This is a limitation of the rfb protocol. The password is limited to 8 characters.
I would consider this a bug in the client. It should limit the password entry to 8 chars.