Re: [cobalt-security] Security Problem in Pass
- Subject: Re: [cobalt-security] Security Problem in Pass
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Sun, 26 May 2002 05:11:55 +0000 (GMT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
R> Date: Sun, 26 May 2002 11:56:04 +0800
R> From: Rick
R> My password is 11 chars long.
R> But, as long as I type in 8 chars, it accepts me in to shell.
R> I would like to know how do I fix this problem of mine.

Sounds like you're running Unix crypt passwd encoding instead of
MD5. What model RAQ?

/etc/passwd will contain lines that look like one of the
following:

    user:x:....
    user:garbage:....

If the latter (i.e., several chars in second field), you have a
problem and need to run shadow passwords.

If the former, look in /etc/shadow for one of the following:

    user:garbage:....
    user:$1$garbage$moregarbage:....

When the second field lacks $ chars, you're using passwords
encoded via Unix crypt(). DO NOT post those on-list, or someone
probably will run crack on them and have a heyday.

If you could, please confirm the formats used in both /etc/passwd
and /etc/shadow WITHOUT giving actual entries from the second
field. (In fact, if you're not running shadow passwords, you
might not admit that on-list.)

--
Eddy
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
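
Added example, not part of the original message: a Python sketch of the check described above, which reports where each account's password field lives and how it is encoded without ever echoing the field itself. The function names are hypothetical, and the passwd/shadow lines and hash strings are constructed placeholders, not real entries.

```python
import re

# Traditional crypt(): 2-char salt + 11-char hash, no '$'. It uses only the
# first 8 characters of the password, which matches the symptom reported.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample data (placeholder hashes, not real ones).
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
bob:abCDEFGHIJKLM:501:501::/home/bob:/bin/bash
"""
SAMPLE_SHADOW = """root:$1$saltsalt$AAAAAAAAAAAAAAAAAAAAAA:11834:0:99999:7:::
alice:abCDEFGHIJKLM:11834:0:99999:7:::
"""

def classify_hash(field):
    """Name the encoding of a password field; never return the field."""
    if field == "":
        return "empty"
    if set(field) <= set("!*"):
        return "locked"
    if field.startswith("$1$"):
        return "md5"
    if field.startswith("$"):
        return "other-modular"
    if DES_RE.match(field):
        return "des-crypt"
    return "unknown"

def audit(passwd_text, shadow_text=""):
    """Return {user: (file holding the hash, encoding)} for every account."""
    shadow = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            shadow[parts[0]] = parts[1]
    report = {}
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue
        user, field = parts[0], parts[1]
        if field == "x":  # hash has been moved to /etc/shadow
            report[user] = ("shadow", classify_hash(shadow[user]) if user in shadow else "missing")
        else:             # hash (or lock marker) sits in world-readable /etc/passwd
            report[user] = ("passwd", classify_hash(field))
    return report

if __name__ == "__main__":
    for user, (where, kind) in sorted(audit(SAMPLE_PASSWD, SAMPLE_SHADOW).items()):
        print(f"{user}: {where} / {kind}")
```

On a real host, pass the contents of /etc/passwd and /etc/shadow (the latter needs root to read) to `audit()`; the output is safe to share because it contains only format names.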