Screen Sharing Password Ignored?

cohoman

macrumors newbie
Original poster
Aug 18, 2012
2
0
I've setup my Mountain Lion system for Screen Sharing, and I've specified a VNC password. However, when I connect to my iMac using a tablet and Mocha VNC app, it totally ignores the VNC password that I set. It will connect and login fine, but I doesn't matter whether I specific or not the VNC password in the Mocha app settings!

Luckily, I still need to specify my iMac's user name and login account password to fully connect, but it's shocking that my Mocha VNC app can connect to my iMac and completely ignore the VNC password that I set in Screen Sharing on my iMac.

Anyone else see this security issue? And, any reason why and possible solution?

Thanks.

cohoman
 

chrfr

macrumors G3
Jul 11, 2009
8,481
2,680
Luckily, I still need to specify my iMac's user name and login account password to fully connect, but it's shocking that my Mocha VNC app can connect to my iMac and completely ignore the VNC password that I set in Screen Sharing on my iMac.
That it's asking for your Mac username and password isn't a security vulnerability. VNC passwords are sent in the clear and are insecure as a result.
In fact, this is listed as a feature of Mocha VNC client: "- Mac OS X sign on with user/password (needed for Lion)."
 

cohoman

macrumors newbie
Original poster
Aug 18, 2012
2
0
That it's asking for your Mac username and password isn't a security vulnerability. VNC passwords are sent in the clear and are insecure as a result.
In fact, this is listed as a feature of Mocha VNC client: "- Mac OS X sign on with user/password (needed for Lion)."
Thanks for your comments. I just don't understand why my iMac will let the VNC connection complete without requiring the VNC password that I setup in the Screen Sharing settings.
 

chrfr

macrumors G3
Jul 11, 2009
8,481
2,680
Thanks for your comments. I just don't understand why my iMac will let the VNC connection complete without requiring the VNC password that I setup in the Screen Sharing settings.
Because it's using the Apple screen sharing login requirement instead.
 

Mal

macrumors 603
Jan 6, 2002
6,251
17
Orlando
Thanks for your comments. I just don't understand why my iMac will let the VNC connection complete without requiring the VNC password that I setup in the Screen Sharing settings.
Because it's using another authentication method (one which happens to be even more secure). OS X has built-in support for VNC, but doesn't allow clients that are not OS X clients to access it unless you specifically authorize the less secure password only method. It doesn't block the ability to use your Mac OS X username and password instead, however, it's just that most VNC clients don't support that type of authentication.

jW