Mailinglist Archive: opensuse-security (465 mails)

Re: [suse-security] initial substring matches passwd when su'ing to root
  • From: Corvin Russell <corvinr@xxxxxxxxxxxx>
  • Date: Mon, 17 Dec 2001 01:09:32 -0500
  • Message-id: <20011217010932.A2636@xxxxxxxxxxxxxxxxxxxxxx>
On Sun, Dec 16, 2001 at 08:54:30AM -0900, John Andersen wrote:

> Weird. I can't get it to fail here. How long was the full root passwd?

The original (for which an initial substring of 7 or more characters
matched) was 16 characters long. The second (matching for at least
the 8 initial characters) is 10 characters long.

> >
> > By sheer accident I noticed that an initial substring (of 7 characters
> > or longer) of my root password will return a match when I su to root.
> >
> > I have become a little lax about policing my system, which is just a
> > home workstation; however, I am wondering if this is a known problem or if
> > it is likely that I have been compromised. Frankly, I am soon to
> > reinstall, and there is not exactly anything super-secret on my hard
> > drive, so I am not too worried... but anyhow. BTW, I changed the root
> > password and again, an initial substring (this time of 8 or more
> > characters) returns a match.

Corvin Russell <corvinr@xxxxxxxxxxxx>
