[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Root has 10 different passwords on Qube2

Subject: Re: [cobalt-security] Root has 10 different passwords on Qube2
From: Åke Brännström <ake@xxxxxxxxxxx>
Date: Sat, 9 Sep 2000 17:53:29 +0200
Organization: Department of Mathematics

Yes, the password encryption algorithm only makes use of the first eight
characters and disregards the rest. There is no trivial way of increasing this
number, so the best thing you can do is choose a good password containing
number, special characters as well as a mix of upper case and lower case
letters. 

Hope this helps, and remember that even at eight charachters, the number of
possible combinations are enormous!

Sincerely,
Ake Brannstrom

On Fri, 08 Sep 2000, you wrote:
> Hello, we were testing our Qube2 via telnet & noticed
> that we can type at least 10 different combinations of
> our root password and gain access.  We now noticed
> that the machine is only taking 8 characters of our
> password, when we set it to 11 characters and have
> been typing 11 characters all along.  Is there a 8
> character limitation for the Qube2's root password,
> and if not how can we increase the # of characters
> that it can have.
> Cheers,
> RT

References:
- [cobalt-security] Root has 10 different passwords on Qube2
  - From: Rod Todd

Prev by Date: [cobalt-security] tmpwatch: local DoS : fork()bomb as root (fwd)
Next by Date: [cobalt-security] list.cobalt.com is in ORBS
Previous by thread: [cobalt-security] Root has 10 different passwords on Qube2
Next by thread: [cobalt-security] Question about patches

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index