Bug 5410 - Linux only checks the first 8 characters of password entered
Summary: Linux only checks the first 8 characters of password entered
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: passwd
Version: 6.0
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 1999-09-28 04:34 UTC by joel
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 1999-09-28 14:47:52 UTC
Embargoed:



Description joel 1999-09-28 04:34:25 UTC
Linux doesn't seem to check the full password string entered
against that password database, or only stores the first 8
letters.  If my password was joelwener1010, entering
joelwene, at a telnet, or e-mail password prompt would be
accepted, and I would be logged into the system.  This can
be a security problem especially if the password is meant to
be long in the first place.

Joel Wener

Comment 1 Bill Nottingham 1999-09-28 14:47:59 UTC
Standard unix behavior for crypt() password.

Turning on shadow & md5 passwords will solve this.
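
Added example, not part of the original bug thread: a C sketch of the key-setup step of traditional DES crypt(3), which packs the low 7 bits of the first eight password characters into a 56-bit key, plus a check that flags which hash fields in a passwd/shadow file still use that scheme. The function names `des_crypt_key` and `hash_scheme` and the sample hash fields are constructed for illustration; the two passwords are the ones from the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Key setup of traditional DES crypt(3): the low 7 bits of each of the
 * first eight password characters are packed into a 56-bit key. Shorter
 * passwords are zero-padded; characters past the eighth are never read. */
uint64_t des_crypt_key(const char *pw)
{
    uint64_t key = 0;
    size_t n = strlen(pw);
    for (size_t i = 0; i < 8; i++) {
        unsigned char c = i < n ? (unsigned char)pw[i] : 0;
        key = (key << 7) | (c & 0x7f);
    }
    return key;
}

/* Classify the hash field of a passwd/shadow entry: 1 = traditional DES
 * (exactly 13 characters from the crypt alphabet), 2 = MD5-crypt ("$1$"
 * prefix), 0 = anything else (locked, empty, other scheme). */
int hash_scheme(const char *field)
{
    static const char alphabet[] =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    if (strncmp(field, "$1$", 3) == 0)
        return 2;
    if (strlen(field) == 13 && strspn(field, alphabet) == 13)
        return 1;
    return 0;
}

int main(void)
{
    /* Passwords from the report above. */
    printf("same DES key: %s\n",
           des_crypt_key("joelwener1010") == des_crypt_key("joelwene") ? "yes" : "no");

    /* Constructed hash fields in the right shape; not real hashes. */
    const char *fields[] = { "ab01234567890",
                             "$1$abcdefgh$0123456789ABCDEFGHIJKL", "!!" };
    static const char *verdict[] = { "other", "DES: only 8 chars count", "MD5-crypt" };
    for (size_t i = 0; i < sizeof fields / sizeof fields[0]; i++)
        printf("%-36s %s\n", fields[i], verdict[hash_scheme(fields[i])]);
    return 0;
}
```

Because the high bit of each character is also discarded, two passwords that differ only in bit 7 of a character map to the same key as well.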

