KasmVNC icon indicating copy to clipboard operation
KasmVNC copied to clipboard

Published 20 hours ago verified publisher icon kasmtech

BasicAuth allows blank username to view VNC desktop

Open magic-commits opened this issue 3 years ago • 1 comments

.kasmpasswd has my username and password along with the :wo and that is the only entry. However, if you don't enter anything in the username or password field for the BasicAuth prompt, it will open the VNC desktop stream in view-only mode.

Is this intended? If so, how is it possible to disable the BasicAuth that kasmvnc comes with so that I can implement it on my traefik proxy?

In the log below, can see that BasicAuth fails and sends a 401 Unauthorized, however, it immediately says BasicAuth Matched and then proceeds to setup a view only session.

kasm.txt

magic-commits avatar Feb 14 '22 15:02 magic-commits

@magic-commits , this is a confirmed bug and has been fixed on master. We are working to release a new version.

mmcclaskey avatar Feb 14 '22 19:02 mmcclaskey

This fix was in the 0.9.3 release.

mmcclaskey avatar Sep 23 '22 13:09 mmcclaskey