apr-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 45679] SHA1 passwords starting with {SHA} don't work and cause a minor buffer overrun
Date Mon, 25 Aug 2008 11:04:08 GMT

--- Comment #3 from Bojan Smojver <bojan@rexursive.com>  2008-08-25 04:04:07 PST ---
Isn't the point here that "{SHA}" prefix isn't actually part of the password?

The way I'm reading the code is that "clear" can be either {SHA}password or
just password and base64 encoded value "out" should be the same. No?

Maybe you have hashes of {SHA}password stored in your .htpasswd file (instead
of just password), so the patch gives different values of the hash, because it
ignores the "{SHA}" prefix? In other words, if you regenerate .htpasswd from
scratch, does it work?

Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org

View raw message