[Spice-devel] Always get Invalid password while trying to connect to spice server
Niccolò Belli
darkbasic at linuxsystems.it
Thu Dec 27 14:51:40 UTC 2018
On mercoledì 26 dicembre 2018 13:38:28 CET, Frediano Ziglio wrote:
> Yes, this looks like a format string error in the upper (not
> into spice) layer.
>
> This potentially is a security problem.
Considering the spice server is exposed to the internet this is definitely
worth investigating.
> The specific '%' character could be the issue, can you try
> others ('!', '@' and
> so on) ?
I tried several other special characters and they all seems to work, expect
for "Password&&" which gets converted to "Password&&" (if I type
"Password&&" it works).
Niccolo'
More information about the Spice-devel
mailing list