maemo.org - Talk

maemo.org - Talk (https://talk.maemo.org/index.php)
-   Applications (https://talk.maemo.org/forumdisplay.php?f=41)
-   -   [M5] [x11vnc] Really strange password bypass (https://talk.maemo.org/showthread.php?t=97004)

cHeXs7eR 2016-07-19 17:50
[x11vnc] Really strange password bypass
 
I've been playing around with x11vnc in order to be able to have my phone in my computer screen and hack around more confortably.

I have been able to connect to my phone via VNC (with quite slow screen updating, though...), but setting up the server password made me come across a creepy issue: I was able to connect to my server even typing a 'slightly wrong' password. I'll describe the process I followed in case you want to reproduce it or tell me if I have forgotten anything important:
  1. First of all, after installing x11vnc from the Application Manager, I typed
    Code:
    x11vnc -storepasswd 5up3rdup3r53cr3t
    (obviously a demo purpose pass)
  2. I start my server using
    Code:
    x11vnc -usepw
    and start a terminal in my desktop computer.
  3. Once in my computer, I type
    Code:
    vncviewer 192.168.1.xxx:5900
  4. When I am asked for my password, I type 5up3rdup3r53cr3t and it just connects normally.

BUT if I just type 5up3rdup3r53cr3 (missing the final t) or even 5up3rdup3r53 it will also let me connect!



I'm afraid this could be a worrying security issue, but I'm still not sure. Have you ever experienced the same?


P.S. Sorry for the bad list display, I had to use code tags.

t-b 2016-07-19 18:32
Re: [x11vnc] Really strange password bypass
 
http://www.karlrunge.com/x11vnc/x11vnc_opts.html

Note that due to the VNC protocol only the first 8 characters of a password are used (DES key).


All times are GMT. The time now is 13:55.

vBulletin® Version 3.8.8