Mailing List Archive: Apache: Bugs

[Bug 46152] access allowed if password matches first seven characters of real password

Index | Next | Previous | View Threaded

bugzilla at apache

Jun 18, 2009, 4:54 AM

Post #1 of 1 (180 views)
Permalink

[Bug 46152] access allowed if password matches first seven characters of real password

https://issues.apache.org/bugzilla/show_bug.cgi?id=46152

Dan Poirier <poirier[at]pobox.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO

--- Comment #1 from Dan Poirier <poirier[at]pobox.com> 2009-06-18 04:54:14 PST ---
The doc for htpasswd on 2.2 and trunk does say that when encrypted using
crypt() (the default), only the first 8 characters of the password are used.
That might have been added since your bug report, I don't know.

Are you sure it's 7 and not 8 characters? Both the htpasswd doc, and the
crypt(3) man page, say that 8 characters are used.

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: bugs-help[at]httpd.apache.org

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com