Re: SSH permits root-Logins with wrong password
On 2004-06-16 at 16:02:59, Andrew Perrin wrote:
> > >> > I have a Debian testing server on my network with OpenSSH running.
> > >> > If I try to log in as root but with wrong password I get access...
> Quick questions:
> (1) how long is the password?; and
> (2) is the variation you're trying at the end?
(1) password is 8 chars long
(2) no it's not, example:
correct password: one4two
wrong password: three4one
> some hash techniques limit password length and truncate the string after
> that point, so if you're changing or appending a character after that
> point you would get the behavior you describe.
this case does not apply with the two passwords used.
Regards,
Frank
--
Mail: fbn@thelogic.org
XMPP: fbn@charente.de
Reply to: