*** This bug is a security vulnerability ***
You have been subscribed to a public security bug:
Today while I was entering my password at my Ubuntu 8.10 login desktop,
by mistake I entered one character more than the actual password.
Everything was working fine. I noticed this was also the case when using
administrative applications in 'System -> Administration'. It also
exists for 'sudo' (root user) commands used in the terminal.
The login is successful whenever password is entered correctly upto
eight characters (or less for smaller passwords), irrespective of length
of password.
Suppose if my password is 'calculator'
Entering following passwords will give successful login:
1. calculater
2. calculatexor
3. calculat
Many other combinations are possible. The only condition is that the
password should correct upto eight characters or less for smaller
password.
** Affects: launchpad
Importance: Undecided
Status: Invalid
** Affects: system-tools-backends (Ubuntu)
Importance: Undecided
Status: Invalid
--
Ubuntu 8.10 Password Bug
https://bugs.edge.launchpad.net/bugs/322604
You received this bug notification because you are a member of Ubuntu Desktop
Bugs, which is subscribed to system-tools-backends in ubuntu.
--
desktop-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
