Bug 84617 - Password typed correctly with extra characters appended successfully authenticates
Summary: Password typed correctly with extra characters appended successfully authenti...
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: xscreensaver (Show other bugs)
(Show other bugs)
Version: 8.0
Hardware: i386 Linux
medium
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-02-19 18:13 UTC by Nevermind
Modified: 2014-03-17 02:34 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-02-19 20:20:37 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Nevermind 2003-02-19 18:13:07 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Description of problem:
I am using Xscreensaver on Toshiba 4080xcdt laptop.  Pentium II 366 processor,
128MB RAM.  RH8.0, plus all RHN updates.  When I lock the screen with
Xscreensaver, it takes additional characters for my password as valid.  So, if
my password is "password", I can input
"passworda;lksdjfl;asjf;lkasdjf;lasdjfl;aksdjfl;kasdjf;alsdkjf" and successfully
authenticate.  I append any ammount of characters to the correct password and it
authenticates.  Now, I need to have the correct password to append to, but I
thought that it would pass the whole text box rather than parse it when its
correct.  If I attach extra characters BEFORE my password, it does NOT work.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.Activate Xscreensaver with password protection
2.type my password + any ammount of extra characters
3.success!
    

Actual Results:  Success!

Expected Results:  I guess it should have said Sorry!!

Additional info:

Comment 1 Bill Nottingham 2003-02-19 20:20:37 UTC
Passwords under some authentication methods are limited to 8 characters;
anything else is ignored.


Note You need to log in before you can comment on or make changes to this bug.