I have found a security bug in SLES 11 & 12 any SP version.

Bug : If my vncserver password is more than eight characters then it is also possible to connect using eight characters and after them anything.

Lets say VNC my password is "P@ssword123" then i can also connect with typing "P@ssword" or "P@ssword654 or (any character)".

Anyone noticed it?

Please suggest to resolve this issue.