Vulnerability Development mailing list archives

RE: [gpl] Admin password


From: "Dom De Vitto" <dom () DeVitto com>
Date: Fri, 3 Jan 2003 21:14:47 -0000

It's just that the max password length is 8 I guess, as per older
Unixes.

Anything after the first 8 characters is ignored, so you'll notice
for a password "password":
"password", "password1", "password2", "password9999999" all work.

But for a password of "secret", only "secret" will ever work.

It's to do with crypt taking 64 bits (8 x 8-bit characters).

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto                                       Tel. 07855 805 271
http://www.devitto.com                         mailto:dom () devitto com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 


-----Original Message-----
From: Sam Pointer [mailto:sam.pointer () hpdsoftware com] 
Sent: Friday, January 03, 2003 12:55 PM
To: 'vuln-dev () securityfocus com'
Subject: FW: [gpl] Admin password


This posting just appeared on the Smoothwall GPL mailing list if anyone
is interested (Smoothwall is a Linux-based GUIfied firewall:
www.smoothwall.co.uk)

-----Original Message-----
From: Peter Leeman [mailto:peter.leeman () btopenworld com]
Sent: 02 January 2003 03:48
To: Gpl
Subject: [gpl] Admin password


Hi (Happy new year)

I'm running Smoothwall gpl 1.0 and have found the following:

When logging on to shut Smoothwall down (using the admin account), if I enter
the correct password plus a few characters I can still get logged on, i.e.,

If password = password then
'blahblah' doesn't work
'password' does
'password123' does

Strange but true. Does anyone else get this? If not.. oh! If so, is there
a way to stop this?

TIA
Pete.
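Added example, not part of the original thread or of Smoothwall's code: a Python sketch of the key-building step of traditional DES-based crypt(3), the scheme the reply above guesses is in use, showing why the passwords listed in the thread are or are not accepted, plus a check that flags shadow-style entries still stored in that 13-character format. The function names and the sample shadow entries are constructed for illustration.

```python
import re

# Traditional DES crypt(3) hash: 2 salt chars + 11 hash chars, all from [./0-9A-Za-z].
DESCRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
MAX_SIGNIFICANT = 8  # password characters that reach the DES key

# Constructed sample shadow entries; the hash fields are placeholders, not real hashes.
SAMPLE_SHADOW = """\
admin:ab0123456789A:12055:0:99999:7:::
dial:$1$constrct$0123456789abcdefghijk.:12055:0:99999:7:::
nobody:*:12055:0:99999:7:::
"""


def des_key_block(password):
    """8-byte DES key block as traditional crypt(3) builds it: first 8 characters
    only, low 7 bits of each shifted left by one, zero-padded if shorter."""
    raw = password.encode("latin-1")[:MAX_SIGNIFICANT]
    return bytes((b << 1) & 0xFF for b in raw).ljust(MAX_SIGNIFICANT, b"\0")


def accepted_as(stored, attempt):
    """True when both strings yield the same key, hence the same hash for any salt."""
    return des_key_block(stored) == des_key_block(attempt)


def truncating_accounts(shadow_text):
    """Names of accounts whose hash field has the 13-character descrypt shape."""
    flagged = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and DESCRYPT_RE.match(fields[1]):
            flagged.append(fields[0])
    return flagged


if __name__ == "__main__":
    for stored, attempt in [("password", "password123"), ("password", "blahblah"),
                            ("secret", "secret"), ("secret", "secret1")]:
        print(stored, attempt, accepted_as(stored, attempt))
    print("accounts still on 8-character crypt:", truncating_accounts(SAMPLE_SHADOW))
```

Accounts the check flags are candidates for rehashing under a scheme that uses the whole password, such as the `$1$` MD5-based crypt format, at the next password change.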




