[11849] in bugtraq


Re: Redhat 6.0 Password Issues

daemon@ATHENA.MIT.EDU (Josh Higham)
Sat Sep 11 18:20:56 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <0cd301befb9e$1c3b3780$16e1fcce@tumur.bigsky.net>
Date:         Fri, 10 Sep 1999 09:06:50 -0600
Reply-To: Josh Higham <jhigham@BIGSKY.NET>
From: Josh Higham <jhigham@BIGSKY.NET>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

>Gentlemen;
>
>I submitted what I thought was a minor issue on Redhat's handling
>of passwords. Is it me? Is it something I missed? Any password you
>assign over 8 characters gets cut...


This is a result of UNIX crypt (I believe).  Standard unix passwords only
handle the first 8 characters of a password; RH6.0 allows you to install MD5
passwords, which can give you additional length, if desired.

>
>At first I thought it was my system but it's not since I tested it at
>home,
>but then at work its the same thing:
>
>------snip------
>passwd
>
>I typed it p4$sW3rd$ as my password
>but I was able to log in using p4$sW3rD
>
>ctrl-alt-del
>bash
>$
>passwd
>changed it to 1234567899999
>and I was able to log in using:
>12345678
>-----endsnip-----
>
>Does anyone else know of this?
>Has anyone heard of this?
>
>by the way I bcc'd this to Redhat as well. ;)
>
>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>Yours Truly
>J. Oquendo
>sil@antioffline.com
>sil@macroshaft.org
>
>
>"Linux -- Where you really can go tomorrow"
>
>ID 0x1281EC4F
>DH/DSS
>4096/1024
>CIPHER: CAST
>PGP Fingerprint
>46C0 6A83 E6D2 FEA6 383A  B9A6 44D3 4E77 1281 EC4F
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP Personal Privacy 6.0.2
>
>iQA/AwUBN6d/aETTTncSgexPEQLuAgCfRF5dpZii9yEPnqZ+F+
>AEbzB+KL0An3mXPk+Y8lZxkr0crgw72zPX5w71=tCpK
>-----END PGP SIGNATURE-----
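
The truncation discussed in the reply above, as an added example that is not part of the original thread: traditional DES-based crypt(3) builds its key from the low 7 bits of the first eight password bytes, so later characters never reach the hash. The script also flags shadow-format entries that still use that scheme instead of MD5 (`$1$`); the function names are hypothetical, and the sample entries and hash strings are constructed placeholders, not real hashes.

```python
import re

# A traditional crypt(3) hash is 13 characters: 2 salt + 11 hash, no "$" prefix.
DES_HASH = re.compile(r"^[./0-9A-Za-z]{13}$")


def des_crypt_key(password: str) -> bytes:
    """Key material traditional crypt(3) derives from a password: the low
    7 bits of each of the first 8 bytes, shifted left one bit, zero-padded."""
    raw = password.encode("utf-8")[:8].ljust(8, b"\0")
    return bytes((b & 0x7F) << 1 for b in raw)


def scheme(hash_field: str) -> str:
    """Classify the password field of a shadow entry."""
    if hash_field.startswith("$1$"):
        return "md5"      # MD5-based crypt, not limited to 8 characters
    if DES_HASH.match(hash_field):
        return "des"      # only the first 8 characters are significant
    return "other"        # locked ("*", "!"), empty, or not covered here


def truncated_accounts(shadow_text: str) -> list:
    """Return the accounts whose passwords are effectively cut at 8 characters."""
    names = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or line.startswith("#"):
            continue
        if scheme(fields[1]) == "des":
            names.append(fields[0])
    return names


# Constructed sample in shadow(5) layout; the hash fields are placeholders.
SAMPLE_SHADOW = """\
alice:abCDEFGHIJKLM:10845:0:99999:7:::
bob:$1$CONSTRUC$PLACEHOLDERPLACEHOLDER:10845:0:99999:7:::
daemon:*:10845:0:99999:7:::
"""

if __name__ == "__main__":
    # The passwords from the quoted report yield identical key material.
    same = des_crypt_key("1234567899999") == des_crypt_key("12345678")
    print("same DES key for both passwords:", same)
    print("accounts on traditional crypt:", truncated_accounts(SAMPLE_SHADOW))
```
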
