Security problem

QNX Newsgroups (Archives) qnx.qnx4
1

Is it a feature or a bug ?

/home/auser# passwd
changing password for auser
New password : somepass
Retype new password : somepass

Then :

login : auser
password : somepass and everything else behind ???!!!
/home/auser#

That seems to occur (including for the root account) when the password
is long of at least 6 characters and when the last character is
doubled.


Romain PETIT
http://cerbermail.com/?O16kfXOFcq
(cliquez sur le lien ci-dessus pour me contacter en privé)

2

rp <rp@no.com> wrote:

It is a behaviour.

For at least some versions (not sure if the security patch
changed this or not), QNX 4 just encrypted/used the first 8
letters of the password for matching. Sure, you could type
lots of letters, but only the first 8 were used.

-David


David Gibbs
QNX Training Services
dagibbs@qnx.com