Closed Bug 460415 Opened 17 years ago Closed 17 years ago

Successfully log in with incorrect password

Categories

(Bugzilla :: User Accounts, defect)

Product:
Bugzilla
Component:
User Accounts
Version:
3.0.5
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 211006

People

(Reporter: huynhminhtan1985, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.2) Gecko/2008090514 Firefox/3.0.2 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.2) Gecko/2008090514 Firefox/3.0.2 (.NET CLR 3.5.30729) You can successfully log in with incorrect password as long as your entered password that had prefix that was your correct password. Ex: your correct password is "Global Cybersoft", you can enter "Global Cybersoft VN" => you successfully log in. Reproducible: Always Steps to Reproduce: 1.Enter your correct user name 2.Enter your incorrect password that had prefix was your correct password 3.You successfully log in Actual Results: Successfully log in Expected Results: Invalid user name and password N/A
Component: General → User Accounts
Product: Firefox → Bugzilla
Version: unspecified → 3.0.5
Tan, 1) are you talking about bugzilla.mozilla.org ? 2) If not, are you talking about the bugzilla product, which version ?
Yes, I am talking about the bugzilla product version 3.0.5
That's because passwords are encrypted using crypt(), which only takes the first 8 characters into account. To take more than 8 characters, we need to move to MD5, which is the topic of bug 211006.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
QA Contact: general → default-qa
You need to log in before you can comment on or make changes to this bug.