Date: Mon, 26 Jul 2004 12:20:24 GMT From: Ceri Davies <ceri@submonkey.net> To: freebsd-bugs@FreeBSD.org Subject: Re: misc/69596: When logging in or su'ing to root, I noticed that if you type the correct password but add characters to the end of the correct password, the password still passes validation and allows you to login Message-ID: <200407261220.i6QCKO45043508@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR misc/69596; it has been noted by GNATS. From: Ceri Davies <ceri@submonkey.net> To: Timothy Radigan <tradigan@newrevolutions.net> Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: misc/69596: When logging in or su'ing to root, I noticed that if you type the correct password but add characters to the end of the correct password, the password still passes validation and allows you to login Date: Mon, 26 Jul 2004 13:14:55 +0100 On Sun, Jul 25, 2004 at 11:01:06PM +0000, Timothy Radigan wrote: > Log in using an account, type the correct password and a few extra > characters after the correct password and try to log in. You will > be validated and access is granted. At a guess, I'd say that you are using DES encrypted passwords, and your password (after appending the extra characters) is more than 8 characters long. This is a common limitation with DES. Ceri -- It is not tinfoil, it is my new skin. I am a robot.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200407261220.i6QCKO45043508>