It's just that the max password length is 8 I guess, as per older Unixes. Anything after the first 8 characters is ignored, so you'll notice for a password "password": "password", "password1", "password2", "password9999999" all work. But for a password of "secret", only "secret" will ever work. It's to do with crypt taking 64bits (8x8bit characters). Dom - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Dom De Vitto Tel. 07855 805 271 http://www.devitto.com mailto:domat_private - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -----Original Message----- From: Sam Pointer [mailto:sam.pointerat_private] Sent: Friday, January 03, 2003 12:55 PM To: 'vuln-devat_private' Subject: FW: [gpl] Admin password This posting just appeared on the Smoothwall GPL mailing list if anyone is interested (Smoothwall is a Linux-based GUIfied firewall: www.smoothwall.co.uk) -----Original Message----- From: Peter Leeman [mailto:peter.leemanat_private] Sent: 02 January 2003 03:48 To: Gpl Subject: [gpl] Admin password Hi (Happy new year) I'm running Smoothwall gpl 1.0 and have found the following: When logging on to shut smoothwall down (using admin account) if I enter the correct password plus a few characters I can still get logged on ie, If password = password then 'blahblah' doesn't work 'password' does 'password123' does Strange but true, does anyone else get this, if not.. oh! if so is there a way to stop this. TIA Pete. _______________________________________________ gpl mailing list gplat_private http://lists.smoothwallusers.org/mailman/listinfo/gpl SmoothWall Stash - Buy Our Stuff! http://cafepress.com/smoothwall This email and any attachments are strictly confidential and are intended solely for the addressee. If you are not the intended recipient you must not disclose, forward, copy or take any action in reliance on this message or its attachments. If you have received this email in error please notify the sender as soon as possible and delete it from your computer systems. Any views or opinions presented are solely those of the author and do not necessarily reflect those of HPD Software Limited or its affiliates. At present the integrity of email across the internet cannot be guaranteed and messages sent via this medium are potentially at risk. All liability is excluded to the extent permitted by law for any claims arising as a re- sult of the use of this medium to transmit information by or to HPD Software Limited or its affiliates.
This archive was generated by hypermail 2b30 : Fri Jan 03 2003 - 18:50:19 PST