Closed Bug 285907 Opened 20 years ago Closed 20 years ago

Succesful login with bad password if it contains the good pass

Categories

(Bugzilla :: User Accounts, defect)

Product:
Bugzilla
Component:
User Accounts
Platform:
x86
FreeBSD
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 285906

People

(Reporter: K.Kozlowski, Unassigned)

Details

User-Agent: Opera/7.54 (X11; FreeBSD i386; U) [en] Build Identifier: Opera 7.54 When we have a password ended with some numbers (I've tried with 2 nubmers) we could login to an account with a password extended by some numbers. E.g. When we have a password like "Kkrowa12" then we could login with a password "Kkrowa123". I haven't tried all of combinations (Bugzilla 2.18 and 2.19+) - but above works. .. It seems like number of letters are important or two first have to be the same (capital and normal). On "krowa12" this didn't work out... but "Kkrowa12" were OK. Reproducible: Always Steps to Reproduce: 1. Create a password - 5 or 6 letters and 2 numbers. 2. Try to login with a that password extended by some number. Actual Results: Succesful login to an acount with bad (not accurate) password. Expected Results: "Bad password or username"... It works on Opera 7.54 on BSD and on Mozilla (Windows ?). Originally confirmed by Rafal Mileszczyk merlino [at] wp [dot] pl .
*** This bug has been marked as a duplicate of 285906 ***
Group: webtools-security
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.