Security: Partial Passwords

[Aday]

Hi!

 

It doesn't look like RealVNC is aware however, in 4.1.2 (Unsure about other
versions, not that anyone should be using them anyway :P) 
Say your password is set to: vncrealtest (as that is a 11 character password
- it seems the last 3 characters are affected)
It seems this sometimes depends on the number of characters in a password,
this was tested on 3 different computers, all running 4.1.2.

Now set your client to access the VNC server - then instead of typing the
FULL password, only leave off the last 3 letters/numbers.

So, password: vncrealt <-- will let you in without the FULL password,
also, if you stick literally ANYTHING after the password, like:
vncrealtomghaxhaxhax 
That will let you in also.

Just a heads up 

~ Aday