[13551] in Athena Bugs
rsaix 7.7K: login problem
daemon@ATHENA.MIT.EDU (Sohrab Ismail-Beigi)
Sun Jun 4 21:41:21 1995
To: bugs@MIT.EDU
Date: Sun, 04 Jun 1995 21:41:17 EDT
From: Sohrab Ismail-Beigi <sismail@MIT.EDU>
System name: m4-035-18
Type and version: POWER 7.7K
Display type: graygda
What were you trying to do?
I was logging on the standard Athena login page.
I typed my username and only the first 8 letters of my
password (my full password is 14 characters long). The machine
let me log in with partial authentication.
What's wrong:
This is REALLY BAD! A person can impersonate me by only knowing
part of my password. THIS COULD BE A BIG SECURITY PROBLEM.
What should have happened:
The machine should have refused my login attempt.
Please describe any relevant documentation references:
The normal signup text on Athena says all the password's characters
(up to a very long length) are significant.