From nobody@FreeBSD.org  Sun Jul 25 23:01:06 2004
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8A0C616A4CE
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 25 Jul 2004 23:01:06 +0000 (GMT)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7FAE143D1F
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 25 Jul 2004 23:01:06 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.11/8.12.11) with ESMTP id i6PN16e9063936
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 25 Jul 2004 23:01:06 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.11/8.12.11/Submit) id i6PN16AH063934;
	Sun, 25 Jul 2004 23:01:06 GMT
	(envelope-from nobody)
Message-Id: <200407252301.i6PN16AH063934@www.freebsd.org>
Date: Sun, 25 Jul 2004 23:01:06 GMT
From: Timothy Radigan <tradigan@newrevolutions.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: When logging in or su'ing to root, I noticed that if you type the correct password but add characters to the end of the correct password, the password still passes validation and allows you to login
X-Send-Pr-Version: www-2.3

>Number:         69596
>Category:       misc
>Synopsis:       When logging in or su'ing to root, I noticed that if you type the correct password but add characters to the end of the correct password, the password still passes validation and allows you to login
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jul 25 23:10:15 GMT 2004
>Closed-Date:    Mon Jul 26 21:11:43 GMT 2004
>Last-Modified:  Mon Jul 26 21:11:43 GMT 2004
>Originator:     Timothy Radigan
>Release:        5.1
>Organization:
New Revolutions
>Environment:
FreeBSD nr-fbsd-01.newrevolutions.net 5.1-RELEASE-p16 FreeBSD 5.1-RELEASE-p16 #2: Sat May 15 14:35:21 EDT 2004    radigan@nr-fbsd-01.newrevolutions.net:/usr/obj/usr/src/sus/nr-fbsd-01  i386
>Description:
When logging into my FreeBSD server, I logged on as my regular user and typed the password correctly but added a few extra characters after I entered my password.  Surprisingly, the machine let me in.  I tried to log in with a completely wrong password and it denied access.  This problem also occurs when su'ing to root.  I type su, then type the password (correctly) and add extra characters on the end and it granted me root access.
>How-To-Repeat:
Log in using an account, type the correct password and a few extra characters after the correct password and try to log in.  You will be validated and access is granted.
>Fix:
      
>Release-Note:
>Audit-Trail:

From: Ceri Davies <ceri@submonkey.net>
To: Timothy Radigan <tradigan@newrevolutions.net>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/69596: When logging in or su'ing to root, I noticed that if you type the correct password but add characters to the end of the correct password, the password still passes validation and allows you to login
Date: Mon, 26 Jul 2004 13:14:55 +0100

 On Sun, Jul 25, 2004 at 11:01:06PM +0000, Timothy Radigan wrote:
 
 > Log in using an account, type the correct password and a few extra
 > characters after the correct password and try to log in.  You will
 > be validated and access is granted.
 
 At a guess, I'd say that you are using DES encrypted passwords, and your
 password (after appending the extra characters) is more than 8 characters
 long.  This is a common limitation with DES.
 
 Ceri
 -- 
 It is not tinfoil, it is my new skin.  I am a robot.
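As an added illustration of Ceri's explanation (not code from the PR or from FreeBSD), the snippet below shows why the suffix is ignored: traditional DES crypt(3) keys DES with only the low 7 bits of each of the first 8 password characters, so nothing typed after character 8 reaches the hash. It also flags which accounts in a master.passwd-style file still carry DES hashes; the excerpt, user names and hash values are constructed for the example.

```python
import re

# Constructed sample in FreeBSD master.passwd layout (hypothetical users and
# hashes, not taken from the PR). The second field is the crypt(3) hash.
SAMPLE_MASTER_PASSWD = """\
root:$1$saltsalt$AAAAAAAAAAAAAAAAAAAAA/:0:0::0:0:Charlie &:/root:/bin/csh
radigan:abJnggxhB/yWI:1001:1001::0:0:Timothy:/home/radigan:/bin/sh
svc:$2a$08$abcdefghijklmnopqrstuuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:1002:1002::0:0:Svc:/nonexistent:/usr/sbin/nologin
"""

def hash_scheme(field):
    """Classify a crypt(3) hash by its prefix. Traditional DES hashes have no
    '$id$' prefix: 2 salt characters followed by 11 hash characters."""
    if field.startswith("$1$"):
        return "md5"
    if field.startswith("$2"):
        return "blowfish"
    if field.startswith("$5$") or field.startswith("$6$"):
        return "sha-crypt"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "des"
    return "other"

def des_key_material(password):
    """Key material traditional crypt(3) feeds to DES: the first 8 characters,
    7 low bits each, shifted left so the low bit is the (unused) parity bit.
    Characters beyond the eighth are simply never looked at."""
    key = bytearray(8)
    for i, ch in enumerate(password[:8]):
        key[i] = (ord(ch) & 0x7F) << 1
    return bytes(key)

def same_des_key(correct, typed):
    """True when the two passwords hash identically under DES crypt, which is
    exactly the situation reported in the PR."""
    return des_key_material(correct) == des_key_material(typed)

def find_des_accounts(master_passwd):
    """User names whose stored hash is traditional DES and who are therefore
    subject to the 8-character limitation."""
    affected = []
    for line in master_passwd.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if hash_scheme(fields[1]) == "des":
            affected.append(fields[0])
    return affected
```

Accounts reported by `find_des_accounts` keep the 8-character limit until their password is re-set under a modern scheme; on FreeBSD the scheme used for new passwords is chosen by the `passwd_format` capability in login.conf(5).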

From: Ceri Davies <ceri@submonkey.net>
To: FreeBSD Gnats Submit <freebsd-gnats-submit@FreeBSD.org>
Cc:  
Subject: [tradigan@newrevolutions.net: RE: misc/69596: When logging in or su'ing to root, I noticed that if you type the correct password but add characters to the end of the correct password, the password still passes validation and allows you to login]
Date: Mon, 26 Jul 2004 15:11:32 +0100

 Adding to audit trail.
 
 From: "Timothy Radigan" <tradigan@newrevolutions.net>
 To: "Ceri Davies" <ceri@submonkey.net>
 Subject: RE: misc/69596: When logging in or su'ing to root, I noticed that if you type the correct password but add characters to the end of the correct password, the password still passes validation and allows you to login
 Date: Mon, 26 Jul 2004 08:50:06 -0400
 
 Indeed.  Man I feel dumb.  I didn't even put the two together.  Thanks for
 bringing that to my attention.
 
State-Changed-From-To: open->closed 
State-Changed-By: simon 
State-Changed-When: Mon Jul 26 21:11:18 GMT 2004 
State-Changed-Why:  
Close the PR since this is a limitation in DES, as noted in ceri's 
followups. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=69596 
>Unformatted:
