[Pkg-shadow-devel] Bug#406046: Useradd: limits password to eight characters
Tina Isaksen
tinaweb at bestemselv.com
Mon Jan 8 09:13:22 CET 2007
Package: passwd
Version: 1:4.0.18.1-6
Severity: important
When using useradd with an encrypted password, the password is limited to eight characters, but this is not
mentioned anywhere.
Example: Cleartext password "testuserpass" makes encrypted password "33nGdctTISeok". The system then accepts
"testuser" as password when logging in.
Since this is not mentioned anywhere, it poses a security risk even if one uses a complex password but the
'complexity' is after the first eight characters (which might be a word easily cracked).
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8)
Versions of packages passwd depends on:
ii debianutils 2.17 Miscellaneous utilities specific t
ii libc6 2.3.6.ds1-8 GNU C Library: Shared libraries
ii libpam-modules 0.79-4 Pluggable Authentication Modules f
ii libpam0g 0.79-4 Pluggable Authentication Modules l
ii libselinux1 1.32-3 SELinux shared libraries
ii login 1:4.0.18.1-6 system login tools
passwd recommends no packages.
-- debconf information excluded
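
An added example, not part of the original report: a small audit that flags shadow(5) entries stored in the traditional DES crypt(3) format, which uses only the first eight password characters. It assumes the behaviour reported above comes from that format, which the 13-character hash in the report matches; the function names and the sample entries (other than the reporter's hash) are constructed for illustration.

```python
import re

# Traditional DES crypt(3) output: 2 salt characters followed by 11 hash
# characters, with no "$id$" prefix. Only the first 8 password bytes are used.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

# Modular crypt identifiers ("$id$..."); none of these stop at 8 characters.
MODULAR = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}


def classify(field):
    """Name the hash scheme of a shadow(5) password field."""
    value = field.lstrip("!")  # a leading "!" marks a locked password
    if value in ("", "*"):
        return "none"
    if value.startswith("$"):
        parts = value.split("$")
        return MODULAR.get(parts[1], "unknown") if len(parts) > 2 else "unknown"
    if DES_CRYPT.fullmatch(value):
        return "descrypt"
    return "unknown"


def truncating_accounts(shadow_text):
    """Return the users whose password is stored as 8-character DES crypt."""
    flagged = []
    for line in shadow_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2 and classify(fields[1]) == "descrypt":
            flagged.append(fields[0])
    return flagged


# Constructed sample in shadow(5) layout. The testuser hash is the one quoted
# in the report; the "$6$" entry is a placeholder, not a real hash.
SAMPLE = """\
root:$6$examplesalt$constructedplaceholder:13521:0:99999:7:::
testuser:33nGdctTISeok:13521:0:99999:7:::
olduser:!33nGdctTISeok:13521:0:99999:7:::
daemon:*:13521:0:99999:7:::
"""

if __name__ == "__main__":
    for user in truncating_accounts(SAMPLE):
        print(f"{user}: DES crypt hash, only the first 8 characters are checked")
```

Locked entries are flagged too, because the truncating hash becomes active again as soon as the account is unlocked.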