[Bug 216055] New: Found bug in htpasswd2
https://bugzilla.novell.com/show_bug.cgi?id=216055 Summary: Found bug in htpasswd2 Product: SUSE LINUX 10.0 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: battik-com@web.de QAContact: qa@suse.de when you create a password with htpasswd2 and using special character in the end of your password, the special character wil be ignored! The special character is only set, if the character has been set up on the beginning or between the normal alphanumeric character. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=216055 battik-com@web.de changed: What |Removed |Added ---------------------------------------------------------------------------- Alias| |htpasswd2 Priority|P5 - None |P3 - Medium -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=216055 lkundrak@redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lkundrak@redhat.com ------- Comment #1 from lkundrak@redhat.com 2006-10-30 09:53 MST ------- I was unable to reproduce the bug with OpenSUSE 10.2 Alpha 5. Could you please be more specific, eg. could you please quote which string did not work for you, whether htpasswd of httpd ignores it, and whether you are able to lig in when the character is present at the end of the password? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=216055 battik-com@web.de changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |battik-com@web.de ------- Comment #2 from battik-com@web.de 2006-10-30 11:42 MST ------- I don't no where to search for this problem. Perhaps it's only a problem on my system (or not?). I created an account with htpasswd2 and following characters: " zsekThre# " and tried to login on my web-server. I can type "zsekThre" or " zsekThre#!$)(..... " and have access. I tried another combinations of alphanumeric characters and special character and the resultat is: on some combinations it works, but not for all. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=216055 ------- Comment #3 from thomas@novell.com 2006-10-30 11:57 MST ------- Did you use md5 or sha-1 for encryption or did you use the default (which is unix' crypt() function)? In the latter case only 8 chars are recognized for a password, everything else is ignored. The leading blank (" ") may get ignored when using option -b or maybe even a hard-coded rule in htpasswd2, dunno... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=216055 ------- Comment #4 from lkundrak@redhat.com 2006-10-30 13:19 MST ------- Thomas is exactly right. DES alghorithm limits the length of the password by eight character and htpasswd uses it by default on platforms with native crypt(), which includes OpenSUSE. Please close the bug. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=216055 battik-com@web.de changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Comment #5 from battik-com@web.de 2006-10-30 14:30 MST ------- That's right. I'm sorry about my mismatch -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com