Bug 1806354 - cracklib-check returns OK for a clearly bad password
Summary: cracklib-check returns OK for a clearly bad password
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: cracklib
Version: 31
Hardware: x86_64
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2020-02-24 01:29 UTC by Wayne Walker
Modified: 2020-02-24 08:33 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-02-24 08:33:17 UTC
Type: Bug
Embargoed:



Description Wayne Walker 2020-02-24 01:29:54 UTC
Description of problem:
cracklib-check returns OK for a clearly bad password:


Version-Release number of selected component (if applicable):
cracklib-2.9.6-21.fc31.src.rpm

How reproducible:
Always

Steps to Reproduce:

Test the password "wayne walker" with a passwd entry:

wwalker:x:1000:1000:Wayne Walker:/home/wwalker:/bin/bash

wwalker@browncoat:~ ✓ $ echo "wayne walker"  | cracklib-check
wayne walker: OK
wwalker@browncoat:~ ✓ $ echo "walker"  | cracklib-check
walker: it is too simplistic/systematic
wwalker@browncoat:~ ✓ $ echo "wayne-walker"  | cracklib-check
wayne-walker: it is derived from your password entry
wwalker@browncoat:~ ✓ $ echo "wayne"  | cracklib-check
wayne: it is too short


Actual results:

wayne walker: OK


Expected results:

wayne walker: it is based on a dictionary word
wayne walker: it is derived from your password entry

Additional info:

Comment 1 Wayne Walker 2020-02-24 01:43:34 UTC
Without "Wayne Walker" in the GCOS field, it allows wayne-walker also:

wwalker@browncoat:~ ✓ $ echo "wayne-walker" | cracklib-check 
wayne-walker: OK

Comment 2 Tomas Mraz 2020-02-24 08:33:17 UTC
cracklib-check is a testing tool. We use libpwquality and pam_pwquality to check the password strength for the real system passwords, and this tool allows checking the gecos if you set gecoscheck=1 in /etc/pwquality.conf.

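To make the distinction in Comment 2 concrete, the following is an added illustration (not code from cracklib, libpwquality or Fedora) of what a GECOS-aware check does with the passwords from the report. It parses a pwquality.conf-style `key = value` file for `minlen` and `gecoscheck`, splits the GECOS field of the reporter's passwd line into words, and rejects candidates that contain one of those words once separators are stripped, so "wayne walker" and "wayne-walker" are both caught. The passwd line and both configuration fragments are constructed for the example, and the check itself is a hypothetical simplification: real libpwquality also runs dictionary, class and similarity tests, and on a real system the same configuration is exercised with `pwscore` rather than with this script.

```python
import re

# Constructed sample data for this example (not taken from a real system).
SAMPLE_PASSWD = "wwalker:x:1000:1000:Wayne Walker:/home/wwalker:/bin/bash"
WEAK_CONF = "# gecoscheck = 0\nminlen = 8\n"     # GECOS field is never consulted
STRONG_CONF = "minlen = 8\ngecoscheck = 1\n"     # GECOS-derived passwords rejected


def parse_pwquality_conf(text):
    """Parse 'key = value' lines of a pwquality.conf-style file into a dict.
    Comments (#) and blank lines are skipped; values are kept as strings."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        settings[key.lower()] = value
    return settings


def gecos_tokens(passwd_line, user):
    """Return the lowercase words (3+ chars) from the GECOS field of `user`'s
    passwd entry plus the login name itself; empty set if `user` does not match."""
    fields = passwd_line.split(":")
    if len(fields) < 7 or fields[0] != user:
        return set()
    full_name = fields[4].split(",")[0]   # full name is the first GECOS sub-field
    words = {w.lower() for w in re.split(r"[\s,._-]+", full_name) if len(w) >= 3}
    words.add(user.lower())
    return words


def check_password(password, user, passwd_db, conf_text):
    """Return None if the password passes, else a human-readable reason.
    Hypothetical check (not libpwquality's algorithm): it implements only
    minlen and a GECOS-derived-word test in the spirit of gecoscheck=1."""
    conf = parse_pwquality_conf(conf_text)
    minlen = int(conf.get("minlen", "8"))
    if len(password) < minlen:
        return "it is too short"
    if conf.get("gecoscheck", "0") == "1":
        # Drop separators so "wayne walker" and "wayne-walker" both compare
        # as "waynewalker"; also catch reversed GECOS words.
        normalized = re.sub(r"[^a-z0-9]", "", password.lower())
        for line in passwd_db.splitlines():
            for word in gecos_tokens(line, user):
                if word in normalized or word[::-1] in normalized:
                    return "it is derived from your password entry"
    return None


if __name__ == "__main__":
    for candidate in ("wayne walker", "wayne-walker", "wayne", "correct horse battery"):
        for label, conf in (("weak", WEAK_CONF), ("strong", STRONG_CONF)):
            verdict = check_password(candidate, "wwalker", SAMPLE_PASSWD, conf)
            print(f"[{label}] {candidate}: {verdict or 'OK'}")
```

With the weak configuration "wayne walker" passes exactly as cracklib-check reported; with gecoscheck=1 it is rejected as derived from the password entry, and "wayne" is still rejected on length alone.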
