Date: Tue, 25 Feb 2003 00:56:55 +0300 (MSK) From: Nick Leuta <skynick@stu.lipetsk.ru> To: FreeBSD-gnats-submit@FreeBSD.org Subject: bin/48648: FreeBSD 5/PAM: incorrect handling of space symbols at the end of password Message-ID: <20030224215655.4DDB149EA3@chuck2.lstu>
next in thread | raw e-mail | index | archive | help
>Number: 48648 >Category: bin >Synopsis: FreeBSD 5/PAM: incorrect handling of space symbols at the end of password >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Feb 24 14:10:06 PST 2003 >Closed-Date: >Last-Modified: >Originator: Nick Leuta >Release: FreeBSD 5.0-CURRENT i386 >Organization: Lipetsk State Technical University >Environment: System: FreeBSD skynick.stu.lipetsk.ru 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Mon Feb 24 12:54:10 MSK 2003 root@skynick.stu.lipetsk.ru:/usr/src/sys/i386/compile/GENERIC i386 >Description: Spaces at the end of the password like "password " are ignored, and only "password" is in use. It's actual only for FreeBSD 5, FreeBSD 4 isn't affected by this problem. So some accounts may become unusable after migration from 4.x systems, or if the password will be set without help of PAM-aware tools. >How-To-Repeat: 1. Use `passwd' command and enter something like "password " after 'New password:' prompt (without `"', of course :-) ). 2. Now `login' utility allows to login with both "password " (with one or more spaces at the end) and "password" passwords, but `telnetd' and `ftpd' daemons honor entered passwords, so only "password" may be used. >Fix: >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030224215655.4DDB149EA3>