Univention Bugzilla – Bug 21227
Vom VNC Passwort im UVMM werden nur 8 Stellen ausgewertet
Last modified: 2023-06-28 10:46:06 CEST
Berichtet an Ticket#: 2011011710013502 Im UVMM Modul der UMC kann für den Direktzugriff per VNC ein Passwort vergeben werden. Hier werden allerdings nur die ersten 8 Stellen ausgewertet. Wird ein längeres Passwort angegeben, reichen im VNC Viewer die ersten 8 Stellen zur Authentisierung aus.
Quoting qemu-kvm/qemu-doc.texi: > The VNC protocol has limited support for password based authentication. Since > the protocol limits passwords to 8 characters it should not be considered to > provide high security. The password can be fairly easily brute-forced by a > client making repeat connections. For this reason, a VNC server using > password authentication should be restricted to only listen on the loopback > interface or UNIX domain sockets. QEMU supports authentication through SASL, which probably supports longer passwords, but not all VNC viewers support that extension, especially noVNC does not.
This issue has been filed against UCS 2.4. UCS 2.4 is out of maintenance and many UCS components have vastly changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug". In this case please provide detailed information on how this issue is affecting you.