Closed
Bug 10585
Opened 25 years ago
Closed 25 years ago
Password Bug!
Categories
(Bugzilla :: Bugzilla-General, defect, P3)
Tracking
()
VERIFIED
INVALID
People
(Reporter: mgong, Assigned: justdave)
References
()
Details
It doesn't appear as though an exact match for a user's password is required. (ie. maybnsj or maybnsjgggg both work for a password which should have been maybnsjg). I haven't tested too many, but it seems that a lot of different passwords work. This is a potential security leak.. -Matt Gong
Updated•25 years ago
|
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → INVALID
Comment 1•25 years ago
|
||
I believe you are seeing the fact that only the first eight characters of the password are used. This is nothing new; Unix-based password schemes have had that problem for a very long time now. It's just the way the low-level password code works.
Comment 3•25 years ago
|
||
Verified that Unix is insecure.
Status: RESOLVED → VERIFIED
QA Contact: matty
Assignee | ||
Comment 4•23 years ago
|
||
moving to Bugzilla product reassign to default owner/qa for INVALID/WONTFIX/WORKSFORME/DUPLICATE
Assignee: terry → justdave
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: other → unspecified
Comment 5•19 years ago
|
||
*** Bug 316829 has been marked as a duplicate of this bug. ***
bug 211006 is tracking a fix for this (use md5 instead of crypt)
Updated•18 years ago
|
Severity: critical → trivial
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•