Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
initial substring matches passwd when su'ing to root
  • From: Corvin Russell <corvinr@xxxxxxxxxxxx>
  • Date: Sun, 16 Dec 2001 22:47:26 -0500
  • Message-id: <20011216224726.A1901@xxxxxxxxxxxxxxxxxxxxxx>
Hi all.

By sheer accident I noticed that an initial substring (of 7 characters
or longer) of my root password will return a match when I su to root.

I have become a little lax about policing my system, which is just a
home workstation, however, I am wondering if this is a known problem or if
it is likely that I have been compromised. Frankly, I am soon to
reinstall, and there is not exactly anything super-secret on my hard
drive, so I am not too worried... but anyhow. BTW, I changed the root
password and again, an initial substring (this time of 8 or more
characters) returns a match.



Corvin Russell <corvinr@xxxxxxxxxxxx>

< Previous Next >