Red Hat Bugzilla – Bug 84617
Password typed correctly with extra characters appended successfully authenticates
Last modified: 2014-03-16 22:34:33 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003
Description of problem:
I am using Xscreensaver on Toshiba 4080xcdt laptop. Pentium II 366 processor,
128MB RAM. RH8.0, plus all RHN updates. When I lock the screen with
Xscreensaver, it takes additional characters for my password as valid. So, if
my password is "password", I can input
"passworda;lksdjfl;asjf;lkasdjf;lasdjfl;aksdjfl;kasdjf;alsdkjf" and successfully
authenticate. I append any ammount of characters to the correct password and it
authenticates. Now, I need to have the correct password to append to, but I
thought that it would pass the whole text box rather than parse it when its
correct. If I attach extra characters BEFORE my password, it does NOT work.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Activate Xscreensaver with password protection
2.type my password + any ammount of extra characters
Actual Results: Success!
Expected Results: I guess it should have said Sorry!!
Passwords under some authentication methods are limited to 8 characters;
anything else is ignored.