On Thu, Dec 16, 2021 at 10:48:53AM +, Daniel P. Berrangé wrote:
> The VNC password authentication scheme is quite horrendous in that it
> takes the user password and directly uses it as a DES case. DES is a
> byte 8 keyed cipher, so the VNC password can never be more than 8
> characters long.
The VNC password authentication scheme is quite horrendous in that it
takes the user password and directly uses it as a DES case. DES is a
byte 8 keyed cipher, so the VNC password can never be more than 8
characters long. Anything over that length will be silently dropped.
We should validate this