Vulnerability Development mailing list archives
RE: [gpl] Admin password
From: "Dom De Vitto" <dom () DeVitto com>
Date: Fri, 3 Jan 2003 21:14:47 -0000
It's just that the max password length is 8 I guess, as per older Unixes. Anything after the first 8 characters is ignored, so you'll notice for a password "password": "password", "password1", "password2", "password9999999" all work. But for a password of "secret", only "secret" will ever work. It's to do with crypt taking 64bits (8x8bit characters). Dom - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Dom De Vitto Tel. 07855 805 271 http://www.devitto.com mailto:dom () devitto com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -----Original Message----- From: Sam Pointer [mailto:sam.pointer () hpdsoftware com] Sent: Friday, January 03, 2003 12:55 PM To: 'vuln-dev () securityfocus com' Subject: FW: [gpl] Admin password This posting just appeared on the Smoothwall GPL mailing list if anyone is interested (Smoothwall is a Linux-based GUIfied firewall: www.smoothwall.co.uk) -----Original Message----- From: Peter Leeman [mailto:peter.leeman () btopenworld com] Sent: 02 January 2003 03:48 To: Gpl Subject: [gpl] Admin password Hi (Happy new year) I'm running Smoothwall gpl 1.0 and have found the following: When logging on to shut smoothwall down (using admin account) if I enter the correct password plus a few characters I can still get logged on ie, If password = password then 'blahblah' doesn't work 'password' does 'password123' does Strange but true, does anyone else get this, if not.. oh! if so is there a way to stop this. TIA Pete. _______________________________________________ gpl mailing list gpl () lists smoothwallusers org http://lists.smoothwallusers.org/mailman/listinfo/gpl SmoothWall Stash - Buy Our Stuff! http://cafepress.com/smoothwall This email and any attachments are strictly confidential and are intended solely for the addressee. If you are not the intended recipient you must not disclose, forward, copy or take any action in reliance on this message or its attachments. If you have received this email in error please notify the sender as soon as possible and delete it from your computer systems. Any views or opinions presented are solely those of the author and do not necessarily reflect those of HPD Software Limited or its affiliates. At present the integrity of email across the internet cannot be guaranteed and messages sent via this medium are potentially at risk. All liability is excluded to the extent permitted by law for any claims arising as a re- sult of the use of this medium to transmit information by or to HPD Software Limited or its affiliates.
Current thread:
- FW: [gpl] Admin password Sam Pointer (Jan 03)
- RE: [gpl] Admin password Dom De Vitto (Jan 03)
- Re: FW: [gpl] Admin password Cade Cairns (Jan 03)