11 Aug
2010
11 Aug
'10
5:38 p.m.
Hi,
I've found a bug/problem with my centos 5.5 server. Any users who have a password of 9 characters or more, only the first 9 characters are used by the OS... eg. i set my password to "123456789" and i try logon via ssh with password "123456789ofgjdfuh" - it lets me in. and if i set my password to "qwertasdfGHJB" and i enter "qwertasdfSDWQWSDS" - it lets me in...
The 'passwd' command only recognises the first 9 characters too...
Has anyone seen this before, or know how to fix it? I feel its a major security risk and would like it fixed ASAP.
Thanks, Matt