Closed Bug 85472 Opened 23 years ago Closed 23 years ago

Logins are broken on systems that use MD5 for crypt()

Categories

(Bugzilla :: Bugzilla-General, defect)

x86
FreeBSD
defect
Not set
normal

Tracking

RESOLVED FIXED
Bugzilla 2.14

People

(Reporter: klaus, Assigned: tara)

I installed Bugzilla 2.12 on a new system.

On this installation, I can't log in to the system (master account and normal accounts).

I only get the message "Login failed. The username or password you entered is 
not valid. Please click Back and try again."

But username and password are valid!

I tried this with Netscape 4.x on unix and IE on Windows.

The same installation on another machine is running.
This is in CGI.pl:


I changed CGI.pl to show any variables and I see:

Login failed  
    
Entered PWD(SqlQuote($enteredpwd)): 'cde3vfr'  ###### this is ok
SqlQuote(substr($realcryptpwd, 0, 2)): '$1'
$enteredcryptpwd: $1$$0k8VSRAKFOEG.nUXbS2G30
$realcryptpwd: $1$ov$RNW21O6RWU2jWfHqTjg9q1
The username or password you entered is not valid. Please click Back and try 
again. 

Your encrypt() is using MD5 instead of unix crypt.  MD5 requires the entire 
crypted password be passed as the salt (Unix crypt only requires the first two 
characters).  Look for all your encrypt() calls, there should be two parameters, 
one will be the plaintext password, the other will be a substring to get the 
first two characters of the cryptpassword.  Remove that substring call so it 
passes the entire cryptpassword instead of just the first two characters.  This 
is probably done in a few places.
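
The difference described in the comment above, as an added example that is not Bugzilla's code: it compares a check that passes only the first two characters of the stored hash to Perl's crypt() with one that passes the whole hash, for a traditional DES hash and an MD5 ("$1$") hash. The function names are hypothetical, and the stored hashes are constructed on the local machine, so a scheme the platform's crypt() lacks is reported and skipped.

```perl
use strict;
use warnings;

# Hypothetical helpers for illustration; not taken from CGI.pl.

# Pre-fix pattern: only the first two characters of the stored hash
# are handed to crypt() as the salt.
sub check_truncated {
    my ($entered, $stored) = @_;
    my $got = crypt($entered, substr($stored, 0, 2));
    return defined($got) && $got eq $stored;
}

# Fixed pattern: the whole stored hash is the salt argument. crypt() takes
# the scheme marker and salt from its start and ignores the digest after it,
# so one call covers two-character DES salts and "$1$salt$" MD5 hashes.
sub check_full {
    my ($entered, $stored) = @_;
    my $got = crypt($entered, $stored);
    return defined($got) && $got eq $stored;
}

my $password = 'cde3vfr';    # password from the report's debug output

# Constructed test data: [scheme name, salt used to create the stored hash].
my @schemes = (['DES crypt', 'ov'], ['MD5 crypt', '$1$ov$']);

for my $s (@schemes) {
    my ($name, $salt) = @$s;
    my $stored = crypt($password, $salt);
    # A platform without this scheme returns undef or another format.
    if (!defined $stored || index($stored, $salt) != 0) {
        print "$name: not supported by this platform's crypt()\n";
        next;
    }
    print "$name stored hash: $stored\n";
    printf "  first two chars as salt: %s\n",
        check_truncated($password, $stored) ? 'match' : 'MISMATCH';
    printf "  whole hash as salt:      %s\n",
        check_full($password, $stored) ? 'match' : 'MISMATCH';
    printf "  wrong password:          %s\n",
        check_full('not-the-password', $stored) ? 'match' : 'rejected';
}
```

Where crypt() supports MD5, the truncated check reports MISMATCH for the "$1$" hash only, which is the login failure in this report.
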
Depends on: 77473
Bug 77473 has a patch that fixes part of this and breaks another part.  It hasn't 
been checked in yet; I'll make him fix the patch the rest of the way ;)
Summary: I cant login to any Account → Logins are broken on systems that use MD5 for crypt()
Target Milestone: --- → Bugzilla 2.14
Since there's a patch on bug 77473 that covers this, I'm just getting it out of 
the "needs code" list.
Keywords: patch, review
Status: NEW → ASSIGNED
Bug 77473 has been fixed, and since the patch that was checked in for that
included the fix for this, this is fixed.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
*** Bug 67662 has been marked as a duplicate of this bug. ***
Moving to Bugzilla product
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: Bugzilla 2.12 → unspecified
QA Contact: matty_is_a_geek → default-qa