Notices


Reply
Thread Tools
Posts: 26 | Thanked: 56 times | Joined on Jul 2016 @ Where do I live?
#1
I've been playing around with x11vnc in order to be able to have my phone in my computer screen and hack around more confortably.

I have been able to connect to my phone via VNC (with quite slow screen updating, though...), but setting up the server password made me come across a creepy issue: I was able to connect to my server even typing a 'slightly wrong' password. I'll describe the process I followed in case you want to reproduce it or tell me if I have forgotten anything important:
  1. First of all, after installing x11vnc from the Application Manager, I typed
    Code:
    x11vnc -storepasswd 5up3rdup3r53cr3t
    (obviously a demo purpose pass)
  2. I start my server using
    Code:
    x11vnc -usepw
    and start a terminal in my desktop computer.
  3. Once in my computer, I type
    Code:
    vncviewer 192.168.1.xxx:5900
  4. When I am asked for my password, I type 5up3rdup3r53cr3t and it just connects normally.

BUT if I just type 5up3rdup3r53cr3 (missing the final t) or even 5up3rdup3r53 it will also let me connect!



I'm afraid this could be a worrying security issue, but I'm still not sure. Have you ever experienced the same?


P.S. Sorry for the bad list display, I had to use code tags.
 

The Following 2 Users Say Thank You to cHeXs7eR For This Useful Post:
Posts: 368 | Thanked: 975 times | Joined on Aug 2013
#2
http://www.karlrunge.com/x11vnc/x11vnc_opts.html

Note that due to the VNC protocol only the first 8 characters of a password are used (DES key).
 

The Following 7 Users Say Thank You to t-b For This Useful Post:
Reply

Tags
password, security, vnc viewer

Thread Tools

 
Forum Jump


All times are GMT. The time now is 23:14.