Bug 84617 - Password typed correctly with extra characters appended successfully authenticates
Password typed correctly with extra characters appended successfully authenti...
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: xscreensaver (Show other bugs)
8.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-02-19 13:13 EST by Nevermind
Modified: 2014-03-16 22:34 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-02-19 15:20:37 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Nevermind 2003-02-19 13:13:07 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Description of problem:
I am using Xscreensaver on Toshiba 4080xcdt laptop.  Pentium II 366 processor,
128MB RAM.  RH8.0, plus all RHN updates.  When I lock the screen with
Xscreensaver, it takes additional characters for my password as valid.  So, if
my password is "password", I can input
"passworda;lksdjfl;asjf;lkasdjf;lasdjfl;aksdjfl;kasdjf;alsdkjf" and successfully
authenticate.  I append any ammount of characters to the correct password and it
authenticates.  Now, I need to have the correct password to append to, but I
thought that it would pass the whole text box rather than parse it when its
correct.  If I attach extra characters BEFORE my password, it does NOT work.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.Activate Xscreensaver with password protection
2.type my password + any ammount of extra characters
3.success!
    

Actual Results:  Success!

Expected Results:  I guess it should have said Sorry!!

Additional info:
Comment 1 Bill Nottingham 2003-02-19 15:20:37 EST
Passwords under some authentication methods are limited to 8 characters;
anything else is ignored.

Note You need to log in before you can comment on or make changes to this bug.