RE: [gpl] Admin password

It's just that the max password length is 8 I guess, as per older Unixes.

Anything after the first 8 characters is ignored, so you'll notice for a password "password":
"password", "password1", "password2", "password9999999" all work.

But for a password of "secret", only "secret" will ever work.

It's to do with crypt taking 64bits (8x8bit characters).

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Dom De Vitto                                       Tel. 07855 805 271
http://www.devitto.com                         mailto:
dom(at)devitto.com

-----Original Message-----
From: Sam Pointer [mailto:sam.pointer@hpdsoftware.com] Sent: Friday, January 03, 2003 12:55 PM
To: 'vuln-dev@securityfocus.com'
Subject: FW: [gpl] Admin password

This posting just appeared on the Smoothwall GPL mailing list if anyone is interested (Smoothwall is a Linux-based GUIfied firewall: www.smoothwall.co.uk)

-----Original Message-----
From: Peter Leeman [mailto:peter.leeman@btopenworld.com] Sent: 02 January 2003 03:48
To: Gpl
Subject: [gpl] Admin password

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Hi (Happy new year)

I'm running Smoothwall gpl 1.0 and have found the following:

When logging on to shut smoothwall down (using admin account) if I enter the correct password plus a few characters I can still get logged on ie,

If password = password then
'blahblah' doesn't work
'password' does
'password123' does

Strange but true, does anyone else get this, if not.. oh! if so is there a way to stop this.

TIA
Pete.

SmoothWall Stash - Buy Our Stuff! http://cafepress.com/smoothwall

This email and any attachments are strictly confidential and are intended solely for the addressee. If you are not the intended recipient you must not disclose, forward, copy or take any action in reliance on this message or its attachments. If you have received this email in error please notify the sender as soon as possible and delete it from your computer systems. Any views or opinions presented are solely those of the author and do not necessarily reflect those of HPD Software Limited or its affiliates.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

 At present the integrity of email across the internet cannot be guaranteed and messages sent via this medium are potentially at risk. All liability is excluded to the extent permitted by law for any claims arising as a re- sult of the use of this medium to transmit information by or to
HPD Software Limited or its affiliates. Received on Fri Jan 3 16:48:35 2003