It seems that 1.0.4 RC16 does not check the entire password; only a truncated portion of it.
Enter a long password in admin properties, for example:
mypassword2008
Now, log in with your client and enter this pass:
mypassword20
It will work like a charm (I guess shorter ones will work, too).
I wonder how you guys are passing any security reviews (well, I guess that there are none)...
Dunno if it has anything to do with the MSRC4Plugin122 - I am using a random key file and not the password.
You better check it out, or, warn the users that it is pointless to give strong passwords because they are open to attacks anyway.
[mod=494,1212218156]moved from bug report to beginner help,
vnc password only support 8 alpha digit and more than 8 are simply ignored[/mod]
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
1.0.4 RC16 - Serious security issue - password truncation
Last edited by Csimbi on 2008-05-31 07:16, edited 2 times in total.
Re: 1.0.4 RC16 - Serious security issue - password truncatio
FAQ
[topic=7349][/topic]
[topic=3276][/topic]
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
Re: 1.0.4 RC16 - Serious security issue - password truncatio
Thanks redge,
this is fine, but I do not think that it is a good practice to bury such information in FAQs. It should be on the UI in one way or another - written as a label, or given as a warning when the user changes the password.
Would that be doable? Thank you.
***Edit
Fixed lame typo
Last edited by Csimbi on 2008-05-31 13:02, edited 1 time in total.
Re: 1.0.4 RC16 - Serious security issue - password truncatio
Sorry, UltraVNC is not known for a user-friendly User Interface (UI) and Help.
It is known as fast only.
I was asked about merging the user interface of TightVNC (user friendly with sensitive help) and the core of UltraVNC for the speed. This does not exist, maybe never.
I think both advantages are available through the commercial product of the maker of VNC.
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
Re: 1.0.4 RC16 - Serious security issue - password truncatio
Well, I would not think that adding a label to the UI or an additional check and a dialog when user presses ok would slow the program down.
Just a thought.
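Added example, not part of the thread and not UltraVNC code: a sketch of the key derivation in classic RFB "VNC Authentication" (RFC 6143, section 7.2.2), which shows why the passwords from the first post are interchangeable, together with the kind of check a settings dialog could run when the user presses OK. It assumes UltraVNC's classic password authentication follows that standard scheme, as the moderator note indicates; all function names are hypothetical.

```python
from typing import Optional

# Added illustration; names are hypothetical, not UltraVNC identifiers.
VNC_KEY_LEN = 8  # DES key size in bytes; the password is cut or padded to this


def vnc_des_key(password: str) -> bytes:
    """Return the 8-byte DES key classic VNC auth derives from a password."""
    raw = password.encode("latin-1", errors="replace")
    key = raw[:VNC_KEY_LEN].ljust(VNC_KEY_LEN, b"\x00")  # truncate, then NUL-pad
    # Widely used VNC implementations mirror the bit order of every key byte
    # before handing the key to DES.
    return bytes(int(f"{b:08b}"[::-1], 2) for b in key)


def ignored_suffix(password: str) -> str:
    """Part of the password that never influences the key."""
    raw = password.encode("latin-1", errors="replace")
    return raw[VNC_KEY_LEN:].decode("latin-1")


def password_warning(password: str) -> Optional[str]:
    """Text a settings dialog could show when the user presses OK, or None."""
    extra = ignored_suffix(password)
    if not extra:
        return None
    return (f"Only the first {VNC_KEY_LEN} characters are used; "
            f"the last {len(extra)} are ignored.")


if __name__ == "__main__":
    # Passwords from the first post, plus the bare 8-character prefix.
    for pw in ("mypassword2008", "mypassword20", "mypasswo"):
        print(f"{pw!r:18} key={vnc_des_key(pw).hex()} "
              f"warning={password_warning(pw)}")
```

All three sample passwords yield the same key, so the challenge response computed from any of them is identical; only a change within the first 8 characters produces a different key.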