[CentOS] sshd bug?

Wed Aug 11 15:38:22 UTC 2010
Matt Keating <keatster at gmail.com>

Hi,

I've found a bug/problem with my centos 5.5 server. Any users who have
a password of 9 characters or more, only the first 9 characters are
used by the OS...
eg. i set my password to "123456789" and i try logon via ssh with
password "123456789ofgjdfuh" - it lets me in.
 and if i set my password to "qwertasdfGHJB" and i enter
"qwertasdfSDWQWSDS" - it lets me in...

The 'passwd' command only recognises the first 9 characters too...

Has anyone seen this before, or know how to fix it? I feel its a major
security risk and would like it fixed ASAP.

Thanks,
Matt