Closed luyaotang closed 1 month ago
Thanks for reporting! However, I cannot reproduce this. Is your password some non-ASCII string? Can you try with another client please?
password is somthing like abc1234
I will try with vncviewer clinet later
I tried VNC Viewer, and it indeed is influenced by the password set in droidVNC-NG. Based on the comparison between Guacamole and VNC Viewer, it seems that the password on the VNC server side is just for show. If a malicious client doesn't follow the standard implementation, it can bypass the password and directly connect to the server.
That's indeed a bug then, but very probably in the underlying library. How would I be able to repro with Guacamole most easily?
Edit: tried with this https://krdesigns.com/articles/how-to-install-guacamole-using-docker-step-by-step tutorial. If I enter a wrong password or none, droidVNC-NG does not let me in, so everything works as expected.
https://guacamole.apache.org/releases/
Extract the downloaded guacamole-server-1.5.1.tar.gz
to any directory. I placed it in the /opt
directory.
yum install cairo-devel libjpeg-devel libpng-devel uuid-devel ffmpeg-devel freerdp-devel freerdp-plugins pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel wget gedit java-1.8.0-openjdk* libwebsockets-devel libgcrypt-devel
tar zxvf guacamole-server-1.5.1.tar.gz -C /opt/
cd /opt/guacamole-server-1.5.1
./configure
make && make install
guacd
is Successfully Installed:ldconfig
systemctl restart guacd
systemctl enable guacd
systemctl status guacd
If using the official client: simply use the downloaded guacamole-1.5.3.war
.
systemctl restart tomcat
/etc/guacamole/
Directory:mkdir /etc/guacamole/
guacamole.properties
File:[root@zmdev guacamole]# cat guacamole.properties
# Hostname and port of guacamole proxy
guacd-hostname: 127.0.0.1
guacd-port: 4822
user-mapping.xml: /etc/guacamole/user-mapping.xml
enable-clipboard-integration: true
user-mapping.xml
File in the /etc/guacamole/
Directory:[root@zmdev guacamole]# cat /etc/guacamole/user-mapping.xml
<user-mapping>
<!-- This configuration will show the device selection page after login -->
<authorize username="xxxxx" password="xxxxxx">
<connection name="zk(242)-RDP">
<protocol>rdp</protocol>
<param name="security">nla</param>
<param name="hostname">192.168.22.242</param>
<param name="port">3389</param>
<param name="color-depth">24</param>
<param name="username">xxxxx</param>
<param name="password">xxxxx</param>
<param name="ignore-cert">true</param>
<param name="enable-font-smoothing">true</param>
</connection>
<connection name="zk-242(VNC)">
<protocol>vnc</protocol>
<param name="hostname">192.168.22.242</param>
<param name="port">5900</param>
<param name="password">xxxx</param>
</connection>
</authorize>
</user-mapping>
Browser Access: http://192.168.22.xxxx:xxx/guacamole/
Default Username and Password: guacadmin / guacadmin After logging in successfully, please change the password.
I don't know the reason, but regardless of whether I set it up or not, or even if I set it up incorrectly, it can still connect to my phone normally. It is also unrelated to whether I use repeater services. The version of Guacamole is 1.5, the phone is Android 14, and DroidVNC-NG is 2.5.0.
That's indeed a bug then, but very probably in the underlying library. How would I be able to repro with Guacamole most easily?
Edit: tried with this https://krdesigns.com/articles/how-to-install-guacamole-using-docker-step-by-step tutorial. If I enter a wrong password or none, droidVNC-NG does not let me in, so everything works as expected.
let me try on another phone
I don't know the reason, but regardless of whether I set it up or not, or even if I set it up incorrectly, it can still connect to my phone normally. It is also unrelated to whether I use repeater services. The version of Guacamole is 1.5, the phone is Android 14, and DroidVNC-NG is 2.5.0.
That's indeed a bug then, but very probably in the underlying library. How would I be able to repro with Guacamole most easily? Edit: tried with this https://krdesigns.com/articles/how-to-install-guacamole-using-docker-step-by-step tutorial. If I enter a wrong password or none, droidVNC-NG does not let me in, so everything works as expected.
On other devices, it's the same issue. Regardless of what the password is set to, it can directly connect to DroidVNC-NG.
let me try on another phone
@luyaotang Might it be that the password is somehow cached or Guacamole 1.5 has some superpowers? Can you try with my setup https://krdesigns.com/articles/how-to-install-guacamole-using-docker-step-by-step to rule out Guacamole?
I will try using Docker to build Guacamole later. It should be unrelated to the cache. I also tried changing different passwords in DroidVNC-NG and configuring different passwords in Guacamole, but the result was that I could access it directly, regardless of the password.
@luyaotang I can not reproduce this with guacamole 1.5.5 either. If a password is set on the server, the guacamole user needs to enter it always.
Here's what the connection looks like in English locale (everything else left blank)
Sorry for the confusion. The issue can be closed. It seems that there is a connection pool between guacd and droidvnc-ng. When reconfiguring the password in the configuration interface, the current connection will not be disconnected, causing the previous connection to be reused during the preview. If I restart droidvnc-ng, the changes can take effect.
The password configured on the droid-ng VNC interface is not working. Currently, I've set up the connection in Guacamole, but I found that whether the password is correct or incorrect, or even if no password is configured, the connection to droid-ng VNC still works normally.
Your environment (please complete the following information):