Debian Security Advisory 3613-1

Discussion in 'News Aggregator' started by Packet Storm, 6 Jul 2016.

  1. Packet Storm

    Packet Storm Guest

    Debian Linux Security Advisory 3613-1 - Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work as documented in Libvirt, a virtualisation abstraction library. When the password on a VNC server is set to the empty string, authentication on the VNC server will be disabled, allowing any user to connect, despite the documentation declaring that setting an empty password for the VNC server prevents all client connections. With this update the behaviour is enforced by setting the password expiration to "now".

    Continue reading...
     

Share This Page

Loading...