Closed Bug 10585 Opened 25 years ago Closed 25 years ago

Password Bug!

Categories

(Bugzilla :: Bugzilla-General, defect, P3)

Product:
Bugzilla
Component:
Bugzilla-General
Platform:
SGI
IRIX
Type:
defect

Tracking

()

Status:
VERIFIED INVALID

People

(Reporter: mgong, Assigned: justdave)

References

(
URL
)

Details

It doesn't appear as though an exact match for a user's password is required.
(ie. maybnsj or maybnsjgggg both work for a password which should have been
maybnsjg).  I haven't tested too many, but it seems that a lot of different
passwords work.  This is a potential security leak..

-Matt Gong
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → INVALID
I believe you are seeing the fact that only the first eight characters of the
password are used.  This is nothing new; Unix-based password schemes have had
that problem for a very long time now.  It's just the way the low-level password
code works.
Oh, ok.. I wasn't aware of that.. thanks Terry!
Verified that Unix is insecure.
Status: RESOLVED → VERIFIED
QA Contact: matty
moving to Bugzilla product
reassign to default owner/qa for INVALID/WONTFIX/WORKSFORME/DUPLICATE
Assignee: terry → justdave
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: other → unspecified
*** Bug 316829 has been marked as a duplicate of this bug. ***
bug 211006 is tracking a fix for this (use md5 instead of crypt)
Severity: critical → trivial
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.