From owner-freebsd-bugs  Mon May  1 23:20:23 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 90B2F37B670
	for <freebsd-bugs@FreeBSD.org>; Mon,  1 May 2000 23:20:18 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id XAA63565;
	Mon, 1 May 2000 23:20:06 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 5C9A937B72A
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  1 May 2000 23:11:46 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id XAA62698;
	Mon, 1 May 2000 23:11:46 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Message-Id: <200005020611.XAA62698@freefall.freebsd.org>
Date: Mon, 1 May 2000 23:11:46 -0700 (PDT)
From: sherwin@newpagcor.com
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: i386/18339: Password during Login
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         18339
>Category:       i386
>Synopsis:       Password during Login
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon May  1 23:20:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Ross Sherwin de Claro
>Release:        4.0-RELEASE
>Organization:
Philippine Amusement and Gaming Corporation
>Environment:
FreeBSD kapre.newpagcor.com 4.0-RELEASE FreeBSD 4.0-RELEASE #1: Tue May  2 13:37:51 PHT 2000     sherwin@kapre.newpagcor.com:/usr/src/sys/compile/KAPRE  i386
>Description:
I found out that during login phase, FreeBSD does not check the password if its longer than the stored password of the user against the inputed one. 
>How-To-Repeat:
Try to login, root or even ordinary user:

Now in our case the password of root is "qwerty12"

Try entering this passwords:

-password-      -result-
qwerty           invalid
qwery12          invalid
qwerty12         valid
qwerty1234       valid, but its supposed to be invalid

>Fix:
Re-configure the algorithm on how FreeBSD check the Password against its database.

>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message