RE: Win32 - 3.3.3r9 - password exploit?

Tue, 03 Apr 2001 15:29:29 -0700 

Yes a new FAQ would help.  I actually did read "most" of the FAQ and
documents.

Thanks to all for the help. Sorry to be repetitive but I did not find it in
the archive either.

Marty

-----Original Message-----
From: Mac Reiter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 03, 2001 5:21 PM
To: [EMAIL PROTECTED]
Subject: Re: Win32 - 3.3.3r9 - password exploit?


At 04:46 PM 4/3/01 -0500, you wrote:
>I am not sure if this has been noticed, or if VNC does not like special
>characters as a password, but within the Win version I had set the password
>to "QPH@#as9%" without the "".  When I use the viewer to access the server
I
>can use ANY character as the last character and it will login successfully.
>I haven't played around with it much to see if I could change more than 1
>character at a time. For all I know this may be documented somewhere.  
>I will play with it a little and report what happens. Are special
characters
>not to be used?

VNC only uses the first 8 characters of the password, to maintain
compatibility with some old pathetic implementation of a password routine
on one of the hundreds of platforms that it supports.  Since your password
is 9 characters long, you could put anything you want for the last
character.  And it doesn't matter what the preceding characters were.  I
have noticed that when my password is longer than 8 characters, I have to
enter at least 9 characters for it to be accepted.  I have not tested to
see if the 9th character can be random.

It's amazing to me how these questions run in cycles and batches.  I think
the FAQ needs to be updated, so that around 90% of the posts could be
answered with "Read the FAQ".  This question, though frequently asked
(variations have appeared at least three times in the last two weeks), is
not currently on the FAQ, so I answered...

Mac
 _____________________________     /"\
 Mac Reiter                        \ /    ASCII Ribbon Campaign
 Nomadics, Inc.                     X     Against HTML Mail
 [EMAIL PROTECTED]               / \
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------

Reply via email to