Password Comparison Bug/Flaw

Post by DougBird »

The method used to authenticate a password on the UltraVNC server appears to have a serious flaw. It only compares up to N length of the password stored. For example...

The correct password is: ilikeultravnc100
A user authenticates with: ilikeultravnc100asdfg

The UltraVNC server will accept the authentication and the user has access (with a ridiculously incorrect password!!)

This appears to be the case in Rel 1.0.0 and in previous versions as well.

[mod=494,1121532275]Moved from Bug rel 1.00 to General help, reason: this is not a bug but a limitation of RFB 3.3.6, which UltraVNC is based on[/mod]
Last edited by DougBird on 2005-07-16 16:44, edited 2 times in total.

Post by redge »

Take a tour of the FAQ about the VNC password:
[topic=3276][/topic]

- VNC 3.3.6 based: password length is alphanumeric, maximum 8 characters
(more characters would simply be ignored)

Reason:
UltraVNC 1.00 is based on VNC 3.3.6, and the added MS-Logon bypasses this limitation of password length, to 32 characters
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
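
The truncation described in the reply above, as an added example that is not part of the thread and not UltraVNC's source code: classic VNC password authentication uses the password as an 8-byte DES key (null-padded, with the bits of each byte mirrored), so anything after the eighth character never takes part in the check. The function names, the single-byte (latin-1) encoding and the sample passwords are assumptions made for this illustration.

```python
# Added illustration of classic VNC key derivation; not UltraVNC source code.
MAX_VNC_PW_LEN = 8  # classic VNC authentication uses an 8-byte DES key


def reverse_bits(b: int) -> int:
    """Mirror the 8 bits of one byte (the VNC DES key-order quirk)."""
    return int(f"{b:08b}"[::-1], 2)


def vnc_des_key(password: str) -> bytes:
    """Derive the 8-byte DES key that classic VNC auth builds from a password."""
    raw = password.encode("latin-1")[:MAX_VNC_PW_LEN]   # truncate to 8 bytes
    raw = raw.ljust(MAX_VNC_PW_LEN, b"\x00")            # pad short ones with NUL
    return bytes(reverse_bits(b) for b in raw)


def audit(passwords):
    """Report, per password, what is actually used and which others share its key."""
    groups = {}
    for pw in passwords:
        groups.setdefault(vnc_des_key(pw), []).append(pw)
    report = []
    for pw in passwords:
        report.append({
            "password": pw,
            "effective": pw[:MAX_VNC_PW_LEN],   # the part that is compared
            "ignored": pw[MAX_VNC_PW_LEN:],     # the part that is silently dropped
            "same_key_as": [p for p in groups[vnc_des_key(pw)] if p != pw],
        })
    return report


# Constructed sample input: the two passwords from the post plus two controls.
SAMPLES = ["ilikeultravnc100", "ilikeultravnc100asdfg", "ilikeult", "abc"]

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(f"{row['password']!r:26} effective={row['effective']!r:12} "
              f"ignored={row['ignored']!r:16} same key as {row['same_key_as']}")
```

Running the audit over a password policy list shows how many nominally distinct passwords collapse to the same key, which is the reason to enable MS-Logon or tunnel the session rather than rely on long VNC passwords.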