Verify Password Authenticates User On Wrong Password [Archive]

View Full Version : Verify Password Authenticates User On Wrong Password

maycotte

10-03-2004, 07:53 PM

CMD_API_VERIFY_PASSWORD returns true (valid=1) for a truncated password.

For example, if the user is 'user' and the password is 'password' but instead you send 'passwor' it retuns valid=1. It seems that it is only authenticating on the first 7 characters...

send:
https://www.domain.com:2222/CMD_API_VERIFY_PASSWORD?user=user&passwd=passwor

returns:
valid=1

Is this a problem??

nobaloney

10-04-2004, 09:10 AM

Only if you think it is.

I don't see this result using RHL and using RHEL.

What OS are you using.

Jeff

maycotte

10-04-2004, 03:27 PM

Redhat 7.1

nobaloney

10-04-2004, 06:13 PM

I don't recall which versions of RHL started using long passwords by default.

Jeff