
noVNC doesn't warn about password length limit

Open ThomasBaruzier opened this issue 2 years ago • 3 comments

Describe the bug: If my password is password, password123 will let me in ...

To Reproduce: Try to log in with the right password with extra characters

Expected behavior: Consider it a wrong password

Client (please complete the following information):

  • OS: Latest Arch Linux
  • Browser: Any
  • Browser version: Tested on latest Firefox, Safari, Chromium, Chrome

Server (please complete the following information):

  • noVNC version: [e.g. 1.0.0 or git commit id]
  • VNC server: TigerVNC
  • WebSocket proxy: websockify + nginx

ThomasBaruzier, Feb 18 '23 20:02

This is because the default "VNC authentication" security type only uses the first eight characters of the password. You should use other security types if you need a longer password.

pdlan, Feb 18 '23 23:02

Indeed. However, we could probably be better about warning users that aren't that familiar with VNC.

CendioOssman, Feb 20 '23 12:02

Also see TigerVNC/tigervnc#370 for the same discussion in that project.

CendioOssman, Feb 20 '23 12:02
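
The truncation described in the thread, as an added example that is not part of the issue or of noVNC's code: it derives the 8-byte DES key that "VNC authentication" builds from a password, showing why `password` and `password123` are interchangeable, and includes the kind of length check a client could use to warn the user. The function names are hypothetical, and UTF-8 encoding of the password is an assumption.

```javascript
// Added illustration; function names are hypothetical, not noVNC's API.
const VNC_AUTH_KEY_BYTES = 8; // "VNC authentication" uses a single DES key

// Mirror the bit order of one byte. VNC implementations feed the DES key
// with each password byte bit-reversed.
function reverseBits(b) {
  let r = 0;
  for (let i = 0; i < 8; i++) {
    r = (r << 1) | ((b >> i) & 1);
  }
  return r;
}

// Derive the DES key: truncate to 8 bytes or right-pad with NULs,
// then mirror the bits of every byte.
// Assumption: the password is encoded as UTF-8 before truncation.
function vncAuthKey(password) {
  const bytes = new TextEncoder().encode(password);
  const key = new Uint8Array(VNC_AUTH_KEY_BYTES); // zero-filled = NUL padding
  key.set(bytes.subarray(0, VNC_AUTH_KEY_BYTES)); // everything past byte 8 is dropped
  return key.map(reverseBits);
}

function toHex(u8) {
  return Array.from(u8, (b) => b.toString(16).padStart(2, "0")).join("");
}

// True when two passwords produce the same key, i.e. the server's
// challenge-response cannot tell them apart.
function sameVncKey(a, b) {
  return toHex(vncAuthKey(a)) === toHex(vncAuthKey(b));
}

// Client-side check: returns null when the whole password is used, otherwise
// an object describing how much of it is ignored. The limit is counted in
// bytes, so multi-byte characters reach it sooner than 8 characters.
function checkVncPasswordLength(password) {
  const length = new TextEncoder().encode(password).length;
  if (length <= VNC_AUTH_KEY_BYTES) return null;
  const ignoredBytes = length - VNC_AUTH_KEY_BYTES;
  return {
    ignoredBytes,
    message: `VNC authentication only uses the first ${VNC_AUTH_KEY_BYTES} ` +
      `bytes of the password; the last ${ignoredBytes} byte(s) are ignored.`,
  };
}
```
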