httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47573] htpasswd vulnerable after 8 characters
Date Mon, 27 Jul 2009 15:00:31 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47573

--- Comment #4 from Ruediger Pluem <rpluem@apache.org>  2009-07-27 08:00:30 PST ---
(In reply to comment #3)
> So why is your site using crypt with the maximum character set to 16 for
> passwords?  Wouldn't you be susceptible to a dictionary attack of all words
> with 8 characters and get all users with 8+ character passwords?  It's not like
> you lock out the account after multiple attempts.

I guess we need to separate two things here:

1. The things about httpd you reported. I think this is now fairly closed down
to a documentation improvement regarding the 8 character limit of crypt.

2. The login to the Bugzilla site here (I assume you talk about the Bugzilla
site). Regarding the Bugzilla site I cannot offer more information. Maybe one
of the Bugzilla Gurus wants to chime in.

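An added example, not part of the original thread or of Apache's code: an audit of an htpasswd-style file that flags entries stored with traditional DES crypt(3), the scheme subject to the 8 character limit discussed above. The function names and the sample entries are constructed for illustration; the hash values are shape-only placeholders.

```python
import re

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars,
# all drawn from [./0-9A-Za-z]. Only the first 8 password characters
# contribute to this hash.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

# Prefixes of the other schemes an htpasswd file can contain.
PREFIXES = [
    ("$apr1$", "apr1-md5"),
    ("$2y$", "bcrypt"), ("$2a$", "bcrypt"), ("$2b$", "bcrypt"),
    ("$5$", "sha256-crypt"), ("$6$", "sha512-crypt"),
    ("{SHA}", "sha1"),
]

def classify(hash_field):
    """Name the scheme of one htpasswd hash field."""
    for prefix, name in PREFIXES:
        if hash_field.startswith(prefix):
            return name
    # Limitation: a 13-char plaintext entry from the same alphabet
    # would also match here.
    if DES_CRYPT.fullmatch(hash_field):
        return "des-crypt"
    return "unknown"

def audit(text):
    """Return [(lineno, user, scheme)] for each entry in the file text."""
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, _, rest = line.partition(":")
        results.append((lineno, user, classify(rest.split(":", 1)[0])))
    return results

def truncated_users(text):
    """Users whose passwords are effectively limited to 8 characters."""
    return [u for _, u, scheme in audit(text) if scheme == "des-crypt"]

# Constructed sample file (placeholder hashes, not real credentials).
SAMPLE = """\
# constructed sample
alice:$apr1$abcdefgh$0123456789abcdefghijkl
bob:ab0123456789A
carol:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
"""

if __name__ == "__main__":
    for user in truncated_users(SAMPLE):
        print(f"{user}: DES crypt entry, re-hash with a stronger scheme")
```

Entries reported as `des-crypt` are candidates for re-hashing with one of the other schemes htpasswd supports.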