Screen Sharing Password Ignored?

Discussion in 'OS X Mountain Lion (10.8)' started by cohoman, Aug 18, 2012.

  1. cohoman macrumors newbie

    Joined:
    Aug 18, 2012
    #1
    I've setup my Mountain Lion system for Screen Sharing, and I've specified a VNC password. However, when I connect to my iMac using a tablet and Mocha VNC app, it totally ignores the VNC password that I set. It will connect and login fine, but I doesn't matter whether I specific or not the VNC password in the Mocha app settings!

    Luckily, I still need to specify my iMac's user name and login account password to fully connect, but it's shocking that my Mocha VNC app can connect to my iMac and completely ignore the VNC password that I set in Screen Sharing on my iMac.

    Anyone else see this security issue? And, any reason why and possible solution?

    Thanks.

    cohoman
     
  2. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #2
    That it's asking for your Mac username and password isn't a security vulnerability. VNC passwords are sent in the clear and are insecure as a result.
    In fact, this is listed as a feature of Mocha VNC client: "- Mac OS X sign on with user/password (needed for Lion)."
     
  3. cohoman thread starter macrumors newbie

    Joined:
    Aug 18, 2012
    #3
    Thanks for your comments. I just don't understand why my iMac will let the VNC connection complete without requiring the VNC password that I setup in the Screen Sharing settings.
     
  4. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #4
    Because it's using the Apple screen sharing login requirement instead.
     
  5. Mal macrumors 603

    Mal

    Joined:
    Jan 6, 2002
    Location:
    Orlando
    #5
    Because it's using another authentication method (one which happens to be even more secure). OS X has built-in support for VNC, but doesn't allow clients that are not OS X clients to access it unless you specifically authorize the less secure password only method. It doesn't block the ability to use your Mac OS X username and password instead, however, it's just that most VNC clients don't support that type of authentication.

    jW
     

Share This Page