Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

noVNC doesn't warn about password length limit #1758

Open
ThomasBaruzier opened this issue Feb 18, 2023 · 3 comments
Open

noVNC doesn't warn about password length limit #1758

ThomasBaruzier opened this issue Feb 18, 2023 · 3 comments
Labels
feature

Comments

@ThomasBaruzier
Copy link

Describe the bug
If my password is password, password123 will let me in
...

To Reproduce
Try to log in with the right password with extra characters

Expected behavior
Consider it a wrong password

Client (please complete the following information):

  • OS: Latest Arch linux
  • Browser: Any
  • Browser version: Tested on latest firefox, safari, chromium, chrome

Server (please complete the following information):

  • noVNC version: [e.g. 1.0.0 or git commit id]
  • VNC server: TigerVNC
  • WebSocket proxy: websockify + nginx
@ThomasBaruzier ThomasBaruzier changed the title Invalide password starting with real password is considered valid Invalid password starting with real password is considered valid Feb 18, 2023
@pdlan
Copy link
Contributor

pdlan commented Feb 18, 2023

This is because the default "VNC authentication" security type only uses the first eight characters of the password. You should use other security types if you need a longer password.

@CendioOssman
Copy link
Member

Indeed. However, we could probably be better about warning users that aren't that familiar with VNC.

@CendioOssman CendioOssman changed the title Invalid password starting with real password is considered valid noVNC doesn't warn about password length limit Feb 20, 2023
@CendioOssman
Copy link
Member

Also see TigerVNC/tigervnc#370 for the same discussion in that project.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pdlan @CendioOssman @ThomasBaruzier