httpd-bugs mailing list archives

Subject DO NOT REPLY [Bug 47573] htpasswd vulnerable after 8 characters
Date Mon, 27 Jul 2009 15:00:31 GMT

--- Comment #4 from Ruediger Pluem 2009-07-27 08:00:30 PST ---
(In reply to comment #3)
> So why is your site using crypt with the maximum character set to 16 for
> passwords?  Wouldn't you be susceptible to a dictionary attack of all words
> with 8 characters and get all users with 8+ character passwords?  It's not like
> you lock out the account after multiple attempts.

I guess we need to separate two things here:

1. The things about httpd you reported. I think this is now fairly closed down
to a documentation improvement regarding the 8 character limit of crypt.

2. The login to the Bugzilla site here (I assume you talk about the Bugzilla
site). Regarding the Bugzilla site I cannot offer more information. Maybe one
of the Bugzilla gurus wants to chime in.

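Added example, not part of the original message or of httpd's own code: a small audit that reads htpasswd-format text and reports which entries use traditional crypt(3), the scheme whose 8 character limit is discussed above. It goes beyond the message by also recognising the other hash prefixes htpasswd can write; the function names and the sample entries are constructed for illustration.

```python
import re

# Traditional DES crypt(3) output: 2 salt characters + 11 hash characters,
# all drawn from the alphabet ./0-9A-Za-z (13 characters in total).
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify(hash_field):
    """Return (scheme, note) for the hash field of one htpasswd entry."""
    if hash_field.startswith("$apr1$"):
        return "apr1-md5", "not limited to 8 characters"
    if hash_field.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt", "not limited to 8 characters"
    if hash_field.startswith("{SHA}"):
        return "sha1", "not limited to 8 characters, but unsalted"
    if DES_CRYPT.match(hash_field):
        # Caveat: a 13-character alphanumeric plaintext entry looks the same.
        return "des-crypt", "only the first 8 characters of the password count"
    return "unknown", "unrecognised format (possibly plaintext)"


def audit(text):
    """Return a list of (user, scheme, note) for htpasswd-format text."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue  # skip blank or malformed lines
        user, hash_field = line.split(":", 1)
        findings.append((user,) + classify(hash_field))
    return findings


def truncated_users(text):
    """Users whose stored hash ignores everything after character 8."""
    return [user for user, scheme, _ in audit(text) if scheme == "des-crypt"]


# Constructed sample file; the hash values are placeholders, not real hashes.
SAMPLE = """\
alice:$apr1$abcdefgh$0123456789ABCDEFGHIJKL
bob:ab0123456789.
carol:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
dave:$2y$05$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234
"""

if __name__ == "__main__":
    for user, scheme, note in audit(SAMPLE):
        print(f"{user:8} {scheme:10} {note}")
```

Entries reported as des-crypt can only be moved to another scheme by setting the password again, since the stored hash never saw the characters past the eighth.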