Closed Bug 290551 Opened 20 years ago Closed 20 years ago

while login as a administrator it accepts additional characters after the correct password.

Categories

(Bugzilla :: Administration, task)

Product:
Bugzilla
Component:
Administration
Version:
2.18
Platform:
x86
Windows 2000
Type:
task
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 211006

People

(Reporter: kbmahesh123, Unassigned)

Details

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Build Identifier: Bugzilla 2.18

while login as a administrator, if we give extra characters afters the correct 
password characters it accepts.

Ex;                  valid password : enternow
but it also accepts  enternow1234,enternowabcd,....etc

Reproducible: Always

Steps to Reproduce:
1.open the main page of bugzilla
2.click on the log into an existing account
3.in the login page give the correct login name
4. then give the correct password and also add some additional characters.
5.click login

Actual Results:  
login was successfull.

Expected Results:  
login should be unsuccessful, and should show an error message.
Version: unspecified → 2.18
This is because Bugzilla uses the crypt function to create the hash for the
password. It only looks at the first 8 characters. Bug 211006 is about replacing
that with another password hashing method (md5).

*** This bug has been marked as a duplicate of 211006 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.