Vulnerability Development mailing list archives

Re: FW: [gpl] Admin password

From: Cade Cairns <cairnsc () securityfocus com>
Date: Fri, 3 Jan 2003 14:37:38 -0700 (MST)

Oops, probably approved this a bit too hastily. This is assumedly due to
the use of unix crypt().

Cade Cairns
Symantec Corporation

On Fri, 3 Jan 2003, Sam Pointer wrote:

This posting just appeared on the Smoothwall GPL mailing list if anyone is
interested (Smoothwall is a Linux-based GUIfied firewall:
www.smoothwall.co.uk)

-----Original Message-----
From: Peter Leeman [mailto:peter.leeman () btopenworld com]
Sent: 02 January 2003 03:48
To: Gpl
Subject: [gpl] Admin password

Hi (Happy new year)

I'm running Smoothwall gpl 1.0 and have found the following:

When logging on to shut smoothwall down (using admin account) if I enter the
correct password plus a few characters I can still get logged on ie,

If password = password then
'blahblah' doesn't work
'password' does
'password123' does

Strange but true, does anyone else get this, if not.. oh! if so is there a
way to stop this.

TIA
Pete.
_______________________________________________
gpl mailing list
gpl () lists smoothwallusers org
http://lists.smoothwallusers.org/mailman/listinfo/gpl

SmoothWall Stash - Buy Our Stuff! http://cafepress.com/smoothwall

This email and any attachments are strictly confidential and are intended
solely for the addressee. If you are not the intended recipient you must
not disclose, forward, copy or take any action in reliance on this message
or its attachments. If you have received this email in error please notify
the sender as soon as possible and delete it from your computer systems.
Any views or opinions presented are solely those of the author and do not
necessarily reflect those of HPD Software Limited or its affiliates.

 At present the integrity of email across the internet cannot be guaranteed
and messages sent via this medium are potentially at risk.  All liability
is excluded to the extent permitted by law for any claims arising as a re-
sult of the use of this medium to transmit information by or to
HPD Software Limited or its affiliates.

Current thread:

FW: [gpl] Admin password Sam Pointer (Jan 03)
- RE: [gpl] Admin password Dom De Vitto (Jan 03)
- Re: FW: [gpl] Admin password Cade Cairns (Jan 03)