From owner-freebsd-bugs Thu Jan 23 12:30:06 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA10264 for bugs-outgoing; Thu, 23 Jan 1997 12:30:06 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA10256; Thu, 23 Jan 1997 12:30:04 -0800 (PST) Date: Thu, 23 Jan 1997 12:30:04 -0800 (PST) Message-Id: <199701232030.MAA10256@freefall.freebsd.org> To: freebsd-bugs Cc: From: j@uriah.heep.sax.de (J Wunsch) Subject: Re: bin/2560: login accepts bad passwd and logs user in Reply-To: j@uriah.heep.sax.de (J Wunsch) Sender: owner-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk The following reply was made to PR bin/2560; it has been noted by GNATS. From: j@uriah.heep.sax.de (J Wunsch) To: jcwells@u.washington.edu Cc: FreeBSD-gnats-submit@freebsd.org Subject: Re: bin/2560: login accepts bad passwd and logs user in Date: Thu, 23 Jan 1997 21:02:50 +0100 As Jason Wells wrote: > Login accepts password that is known to be bad. If the user > accidentally adds characters to the end of a correct password login > does not reject the login. If your password was 'password' and you > entered 'passwordxx' login willaccept the password. That's a known problem. There are only 8 significant characters in a password. So the password wasn't ``bad'' per se. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)