Date: Tue, 27 Jun 2000 12:40:13 -0700 (PDT) From: john@jfive.com To: freebsd-gnats-submit@FreeBSD.org Subject: misc/19548: DES in 3.5-RELEASE allows trailing characters Message-ID: <20000627194013.AA41137C2D4@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 19548 >Category: misc >Synopsis: DES in 3.5-RELEASE allows trailing characters >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Jun 27 12:50:01 PDT 2000 >Closed-Date: >Last-Modified: >Originator: John Heyer >Release: 3.5-RELEASE >Organization: J Five >Environment: FreeBSD proxy3.10MB.supranet.net 3.5-RELEASE FreeBSD 3.5-RELEASE #0: Tue Jun 27 12:29:24 CDT 2000 root@bench1.supranet.int:/usr/src/sys/compile/PROXY-IDE i386 >Description: I can login using any password, provided my real password is the first substring. For example if my password was "plant", a password of "plant72495" will authenticate. >How-To-Repeat: install DES and set a password. Then login, inserting random characters after your correct password >Fix: Uninstalling DES fixes it. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000627194013.AA41137C2D4>