bugzilla at apache
Jun 18, 2009, 4:54 AM
Views: 187
Permalink
|
|
[Bug 46152] access allowed if password matches first seven characters of real password
|
|
https://issues.apache.org/bugzilla/show_bug.cgi?id=46152
Dan Poirier <poirier[at]pobox.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--- Comment #1 from Dan Poirier <poirier[at]pobox.com> 2009-06-18 04:54:14 PST ---
The doc for htpasswd on 2.2 and trunk does say that when encrypted using
crypt() (the default), only the first 8 characters of the password are used.
That might have been added since your bug report, I don't know.
Are you sure it's 7 and not 8 characters? Both the htpasswd doc, and the
crypt(3) man page, say that 8 characters are used.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: bugs-help[at]httpd.apache.org
|
[Bug 46152] access allowed if password matches first seven characters of real password