[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#606958: Truncation with passwords generated with htpasswd



Package: apache2-utils
Version: 2.2.9-10+lenny8



-- System Information:
Debian Release: 5.0.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages apache2-utils depends on:
ii  libapr1             1.2.12-5+lenny2      The Apache Portable Runtime Library
ii  libaprutil1         1.2.12+dfsg-8+lenny5 The Apache Portable Runtime Utility
ii  libc6               2.7-18lenny6         GNU C Library: Shared libraries
ii  libssl0.9.8         0.9.8g-15+lenny9     SSL shared libraries

apache2-utils recommends no packages.

apache2-utils suggests no packages.

-- no debconf information


Procedure to generate the password:

htpasswd -c /etc/apache2/htpasswd/mysite.htpasswd operador


In tests with passwords longer than eight characters, passwords are also
valid when more than eight characters and less than the total characters
of the original password are introduced. Example:

Original password: nienpedoteladigo

Tests:

nienpedo                -> password ok.
nienpedot               -> password ok.
nienpedote              -> passowrd ok.
nienpedotel             -> password ok.
nienpedotela            -> password ok.
nienpedotelad           -> password ok.
[...]
nienpedoteladigodenuevo -> password ok.


Regards,
Daniel
-- 
Daniel Bareiro - GNU/Linux registered user #188.598
Proudly running Debian GNU/Linux with uptime:
07:23:55 up 61 days,  7:50, 10 users,  load average: 0.00, 0.00, 0.00

Attachment: signature.asc
Description: Digital signature


Reply to: