[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
gnats/395: gnats-pwconv
From: |
pmt |
Subject: |
gnats/395: gnats-pwconv |
Date: |
Wed, 26 Jun 2002 11:06:42 -0400 |
>Number: 395
>Category: gnats
>Synopsis: gnats-pwconv
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jun 26 11:06:42 -0400 2002
>Originator: Pascal Meyrat
>Release: gnats 4.0 beta 1
>Organization:
>Environment:
PC, Linux SuSE 7.3
>Description:
By converting gnats3 passwords to crypted passwords, "gnats-conv" returns:
"salt" and "crypt() function return value". The crypt() function returns 13
printable characters and the first 2 characters already represent the "salt".
So we have the salt twice. Therefore there will be a problem by checking
passwords.
>How-To-Repeat:
>Fix:
In gnats-pwconv.c, change "result=asprintf(newpwentry,
"%s%s",salt,crypt(clearpwstring,salt));" to "result=asprintf(newpwentry,
"%s",crypt(clearpwstring,salt));"
>Unformatted:
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- gnats/395: gnats-pwconv,
pmt <=