Date: Mon, 1 May 2000 23:11:46 -0700 (PDT) From: sherwin@newpagcor.com To: freebsd-gnats-submit@FreeBSD.org Subject: i386/18339: Password during Login Message-ID: <200005020611.XAA62698@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 18339 >Category: i386 >Synopsis: Password during Login >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon May 1 23:20:00 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Ross Sherwin de Claro >Release: 4.0-RELEASE >Organization: Philippine Amusement and Gaming Corporation >Environment: FreeBSD kapre.newpagcor.com 4.0-RELEASE FreeBSD 4.0-RELEASE #1: Tue May 2 13:37:51 PHT 2000 sherwin@kapre.newpagcor.com:/usr/src/sys/compile/KAPRE i386 >Description: I found out that during login phase, FreeBSD does not check the password if its longer than the stored password of the user against the inputed one. >How-To-Repeat: Try to login, root or even ordinary user: Now in our case the password of root is "qwerty12" Try entering this passwords: -password- -result- qwerty invalid qwery12 invalid qwerty12 valid qwerty1234 valid, but its supposed to be invalid >Fix: Re-configure the algorithm on how FreeBSD check the Password against its database. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005020611.XAA62698>