Closed
Bug 85472
Opened 23 years ago
Closed 23 years ago
Logins are broken on systems that use MD5 for crypt()
Categories
(Bugzilla :: Bugzilla-General, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.14
People
(Reporter: klaus, Assigned: tara)
References
Details
I installed on a new system bugzilla 2.12. On this installation, I cant login to system (Masteraccount and normal accounts) I only get the message "Login failed. The username or password you entered is not valid. Please click Back and try again." But username and password are valid! I tried this with Netscape 4.x on unix and IE on Windows. The same installation on another machine is running.
Reporter | ||
Comment 1•23 years ago
|
||
This is in CGI.pl: I changed CGI.pl to show any variables and I see: Login failed Entered PWD(SqlQuote($enteredpwd)): 'cde3vfr' ###### this is ok SqlQuote(substr($realcryptpwd, 0, 2)): '$1' $enteredcryptpwd: $1$$0k8VSRAKFOEG.nUXbS2G30 $realcryptpwd: $1$ov$RNW21O6RWU2jWfHqTjg9q1 The username or password you entered is not valid. Please click Back and try again.
Comment 2•23 years ago
|
||
your encrypt() is using MD5 instead of unix crypt. MD5 requires the entire crypted password be passed as the salt (Unix crypt only requires the first two characters). Look for all your encrypt() calls, there should be two parameters, one will be the plaintext password, the other will be a substring to get the first two characters of the cryptpassword. Remove that substring call so it passes the entire cryptpassword instead of just the first two characters. This is probably done in a few places.
Comment 3•23 years ago
|
||
bug 77473 has a patch that fixes part of this and breaks another part. It hasn't been checked in yet, I'll make him fix the patch the rest of the way ;)
Summary: I cant login to any Account → Logins are broken on systems that use MD5 for crypt()
Updated•23 years ago
|
Target Milestone: --- → Bugzilla 2.14
Comment 4•23 years ago
|
||
since there's a patch on bug 77473 that covers this I'm just getting it out of the "needs code" list.
Assignee | ||
Updated•23 years ago
|
Status: NEW → ASSIGNED
Comment 5•23 years ago
|
||
Bug 77473 has been fixed, and since the patch that was checked in for that included the fix for this, this is fixed.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 7•23 years ago
|
||
Moving to Bugzilla product
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: Bugzilla 2.12 → unspecified
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•