FS#20302 - {bugtracker} Password length issue

Attached to Project: Arch Linux
Opened by Peter Hultqvist (phq) - Wednesday, 28 July 2010, 15:25 GMT
Last edited by Allan McRae (Allan) - Saturday, 17 November 2012, 02:08 GMT
Task Type Bug Report
Category Web Sites
Status Closed
Assigned To Roman Kyrylych (Romashka)
Andrea Scarpino (BaSh)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Changing password accepts 32 character long passwords.
Later when I try to login the password does not work.

Shorter passwords of 8 characters works.

Password length sensitivity can indicate clear text storage of the passwords which would be bad.

This task depends upon

Closed by  Allan McRae (Allan)
Saturday, 17 November 2012, 02:08 GMT
Reason for closing:  Upstream
Comment by Dan McGee (toofishes) - Wednesday, 28 July 2010, 17:52 GMT
This is not a good bug report. What package? How did you change your password? Are we even talking about the system here, or are we talking about one of our many websites?
Comment by Pierre Schmitz (Pierre) - Wednesday, 28 July 2010, 18:15 GMT
I guess this is about flyspray as this is was posted in the bugtracker category. Looking at the password fields in the users table it looks like md5sum hashes were used.

Anyway; as the upstream project is quite dead I don't think a lot will happen here. (Unless someone proposes a patch)

Loading...