vnc security glitch: long passwords

Ingecom - SERRE Jean-Christophe jcs "at"
Tue, 08 Aug 2000 17:37:18 +0000

Dave Dyer <ddyer "at"> wrote:
>  VNC doesn't complain if you try to assign a password
> longer than it actually uses.  The security problem is
> that if you habitually use such long passwords, you may
> think you're giving each host a different password, but
> you're not.  The hazard is obvious.

I agree that VNC's password edit field should have .maxLength=8 set so
that it is not misleading about the entered password -- now, this password
behavior is explicitly stated in the FAQ so it's up to you to RTFF...

One may add that if all passwords start with the same 8 chars (and now
every hacker reading this list knows that you seem to have that
habit :-) then it wasn't that worthwhile having "long passwords"...

JCS - Jean-Christophe SERRE - INGECOM France - +33 (0)
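
An added example, not part of the original message and not VNC's own code: a small audit over a per-host password inventory that reports which hosts end up sharing one effective VNC password once only the first 8 characters count, and how much of each long password is silently ignored. The function names, the sample inventory, and the choice to count the limit in UTF-8 bytes are assumptions.

```python
from collections import defaultdict

VNC_PASSWORD_BYTES = 8  # the limit discussed in this thread


def effective_password(password):
    """Return the part of the password that is actually used.

    Assumption: the limit is applied to the encoded bytes (UTF-8 here).
    """
    return password.encode("utf-8")[:VNC_PASSWORD_BYTES]


def audit(host_passwords):
    """Group hosts by effective password and count the ignored bytes."""
    groups = defaultdict(list)
    ignored = {}
    for host, password in host_passwords.items():
        groups[effective_password(password)].append(host)
        extra = len(password.encode("utf-8")) - VNC_PASSWORD_BYTES
        if extra > 0:
            ignored[host] = extra
    # Report host names only; the passwords themselves are never echoed.
    shared = sorted(sorted(hosts) for hosts in groups.values() if len(hosts) > 1)
    return {"shared": shared, "ignored_bytes": ignored}


# Constructed sample inventory (not real credentials).
SAMPLE = {
    "build01": "Corp2000-build",
    "db01": "Corp2000-database",
    "web01": "Corp2000",
    "lab03": "x9!Lq2#v",
    "kiosk": "short",
}

if __name__ == "__main__":
    report = audit(SAMPLE)
    for hosts in report["shared"]:
        print("same effective password:", ", ".join(hosts))
    for host, extra in sorted(report["ignored_bytes"].items()):
        print(f"{host}: last {extra} byte(s) of the password are ignored")
```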
