Bug 5410 – Linux only checks the first 8 characters of password entered

Bug 5410 - Linux only checks the first 8 characters of password entered

Summary:	Linux only checks the first 8 characters of password entered

Status:	CLOSED NOTABUG

Aliases:	None

Product:	Red Hat Linux
Classification:	Retired
Component:	passwd (Show other bugs)
Sub Component:
Version:	6.0
Hardware:	All Linux

Priority	high Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	David Lawrence
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:	Security

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	1999-09-28 00:34 EDT by joel
Modified:	2008-05-01 11:37 EDT (History)
CC List:	0 users

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	1999-09-28 10:47:52 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description joel 1999-09-28 00:34:25 EDT

Linux doesn't seem to check the full password string entered
against that password database, or only stores the first 8
letters.  If my password was joelwener1010, entering
joelwene, at a telnet, or e-mail password prompt would be
accepted, and I would be logged into the system.  This can
be a security problem especially if the password is meant to
be long in the first place.

Joel Wener

Comment 1 Bill Nottingham 1999-09-28 10:47:59 EDT

Standard unix behavior for crypt() password.

Turning on shadow & md5 passwords will solve this.

Note You need to log in before you can comment on or make changes to this bug.