From owner-freebsd-security Mon Aug 27 0:19:43 2001 Delivered-To: freebsd-security@freebsd.org Received: from hotmail.com (oe46.law12.hotmail.com [64.4.18.18]) by hub.freebsd.org (Postfix) with ESMTP id 3FA4B37B403; Mon, 27 Aug 2001 00:19:38 -0700 (PDT) (envelope-from default013subscriptions@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 27 Aug 2001 00:19:37 -0700 X-Originating-IP: [24.14.93.185] Reply-To: "default" From: "default" To: , Subject: Logins without full password! Date: Mon, 27 Aug 2001 02:15:22 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Message-ID: X-OriginalArrivalTime: 27 Aug 2001 07:19:37.0977 (UTC) FILETIME=[A16E1E90:01C12EC8] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I just noticed that on one of my FreeBSD machines, one is able to login via any means by typing in only the first 8 or so characters of the password. You can also type the first 8 characters and anything else after that, for example if the password were password, one could type: 'passwordxxxxxxx' and be able to login! I'm not too worried as this is only a test machine that I keep on my internal network, however, I would like to know how it works... Is this normal? How does one disable this? Thanks, Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message