PDA

View Full Version : Security bug in SLES 11 & 12 for VNC



raheelqaiser2
09-Nov-2017, 06:18
Hello,

I have found a security bug in SLES 11 & 12 any SP version.

Bug : If my vncserver password is more than eight characters then it is also possible to connect using eight characters and after them anything.


Lets say VNC my password is "P@ssword123" then i can also connect with typing "P@ssword" or "P@ssword654 or (any character)".

Anyone noticed it?

Please suggest to resolve this issue.

Regards.

kwk
09-Nov-2017, 08:19
Hi, this is not a support forum for generic problems. Please use the support means included in your SUSE Linux Enterprise Linux subscription.

enzomatsumiya
21-May-2018, 21:46
Hi raheelqaiser2,

This is an old and known bug.

Most VNC systems implements their authentication using DES encryption (https://en.wikipedia.org/wiki/Data_Encryption_Standard).
You can read more about the details on the Wikipedia link, but in short, DES limits key sizes to 8 bytes (characters). Passwords shorter than 8 are padded with zeroes.

Some implementations allows passwords to be longer than 8 (RealVNC allows 255 for example). But then, if you connect to a server that is using the standard authentication implementation, your password will just be silently be trimmed to 8 characters, ignoring anything beyond that.


Hope this helps.