Date: Fri, 13 Feb 1998 13:03:02 -0800 (PST) From: "Andrey A. Chernov" <ache@FreeBSD.ORG> To: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-usrbin@FreeBSD.ORG Subject: cvs commit: src/usr.bin/login login.c Message-ID: <199802132103.NAA25254@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
ache 1998/02/13 13:03:02 PST Modified files: usr.bin/login login.c Log: Fix very rare but dangerous bug: for some DES passwords crypt(real_password, salt) is equal to crypt("", salt); It means that this user (and not only he) can login without entering password at all, just pressing Return. So if empty password entered and crypted password is not empty, invalidate any crypt result by assigning ":" Revision Changes Path 1.32 +3 -1 src/usr.bin/login/login.c To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199802132103.NAA25254>