Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] initial substring matches passwd when su'ing to root
  • From: John Andersen <jsa@xxxxxxxxxxxxxx>
  • Date: Sun, 16 Dec 2001 08:54:30 -0900
  • Message-id: <200112161754.fBGHsUh27931@xxxxxxxxxxxxxx>

Wierd. I can't get it to fail here. How long was the full root paswd?

On Sunday 16 December 2001 06:47 pm, Corvin Russell wrote:
> Hi all.
> By sheer accident I noticed that an initial substring (of 7 characters
> or longer) of my root password will return a match when I su to root.
> I have become a little lax about policing my system, which is just a
> home workstation, however, I am wondering if this is a known problem or if
> it is likely that I have been compromised. Frankly, I am soon to
> reinstall, and there is not exactly anything super-secret on my hard
> drive, so I am not too worried... but anyhow. BTW, I changed the root
> password and again, an initial substring (this time of 8 or more
> characters) returns a match.
> Corvin

John Andersen / Juneau Alaska

< Previous Next >